cvelistv5 - cve-2021-20608

CVE-2021-20608 (GCVE-0-2021-20608)

Vulnerability from cvelistv5

Published

2021-12-17 16:10

Modified

2024-08-03 17:45

Severity ?

Summary

Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior allows a remote unauthenticated attacker to cause a DoS condition in GX Works2 by getting GX Works2 to read a tampered program file from a Mitsubishi Electric PLC by sending malicious crafted packets to tamper with the program file.

References

URL	Tags
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp	https://jvn.jp/vu/JVNVU93019896/index.html	Third Party Advisory
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp	https://us-cert.cisa.gov/ics/advisories/icsa-21-350-04	Third Party Advisory, US Government Resource
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-020_en.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/vu/JVNVU93019896/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://us-cert.cisa.gov/ics/advisories/icsa-21-350-04	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-020_en.pdf	Vendor Advisory

Impacted products

	Vendor	Product	Version
	n/a	GX Works2	Version: versions 1.606G and prior

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:45:44.831Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-020_en.pdf",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://jvn.jp/vu/JVNVU93019896/index.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-04",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "GX Works2",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "versions 1.606G and prior",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior allows a remote unauthenticated attacker to cause a DoS condition in GX Works2 by getting GX Works2 to read a tampered program file from a Mitsubishi Electric PLC by sending malicious crafted packets to tamper with the program file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Improper Handling of Length Parameter Inconsistency",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-12-17T16:10:27",
            orgId: "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            shortName: "Mitsubishi",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-020_en.pdf",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://jvn.jp/vu/JVNVU93019896/index.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-04",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
               ID: "CVE-2021-20608",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "GX Works2",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "versions 1.606G and prior",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior allows a remote unauthenticated attacker to cause a DoS condition in GX Works2 by getting GX Works2 to read a tampered program file from a Mitsubishi Electric PLC by sending malicious crafted packets to tamper with the program file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Improper Handling of Length Parameter Inconsistency",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-020_en.pdf",
                     refsource: "MISC",
                     url: "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-020_en.pdf",
                  },
                  {
                     name: "https://jvn.jp/vu/JVNVU93019896/index.html",
                     refsource: "MISC",
                     url: "https://jvn.jp/vu/JVNVU93019896/index.html",
                  },
                  {
                     name: "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-04",
                     refsource: "MISC",
                     url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-04",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
      assignerShortName: "Mitsubishi",
      cveId: "CVE-2021-20608",
      datePublished: "2021-12-17T16:10:27",
      dateReserved: "2020-12-17T00:00:00",
      dateUpdated: "2024-08-03T17:45:44.831Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      fkie_nvd: {
         configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mitsubishielectric:gx_works2:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.606g\", \"matchCriteriaId\": \"32F0E13C-4862-4A58-8F16-4E0D925FEA33\"}]}]}]",
         descriptions: "[{\"lang\": \"en\", \"value\": \"Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior allows a remote unauthenticated attacker to cause a DoS condition in GX Works2 by getting GX Works2 to read a tampered program file from a Mitsubishi Electric PLC by sending malicious crafted packets to tamper with the program file.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de Manejo Inapropiado de la Inconsistencia de los Par\\u00e1metros de Longitud en Mitsubishi Electric GX Works2 versiones 1.606G y anteriores, permite a un atacante remoto no autenticado causar una condici\\u00f3n de DoS en GX Works2 al conseguir que GX Works2 lea un archivo de programa manipulado de un PLC de Mitsubishi Electric mediante el env\\u00edo de paquetes maliciosos dise\\u00f1ados para manipular el archivo de programa\"}]",
         id: "CVE-2021-20608",
         lastModified: "2024-11-21T05:46:52.040",
         metrics: "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
         published: "2021-12-17T17:15:11.937",
         references: "[{\"url\": \"https://jvn.jp/vu/JVNVU93019896/index.html\", \"source\": \"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://us-cert.cisa.gov/ics/advisories/icsa-21-350-04\", \"source\": \"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-020_en.pdf\", \"source\": \"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://jvn.jp/vu/JVNVU93019896/index.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://us-cert.cisa.gov/ics/advisories/icsa-21-350-04\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-020_en.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
         sourceIdentifier: "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
         vulnStatus: "Modified",
         weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]",
      },
      nvd: "{\"cve\":{\"id\":\"CVE-2021-20608\",\"sourceIdentifier\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\",\"published\":\"2021-12-17T17:15:11.937\",\"lastModified\":\"2024-11-21T05:46:52.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior allows a remote unauthenticated attacker to cause a DoS condition in GX Works2 by getting GX Works2 to read a tampered program file from a Mitsubishi Electric PLC by sending malicious crafted packets to tamper with the program file.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de Manejo Inapropiado de la Inconsistencia de los Parámetros de Longitud en Mitsubishi Electric GX Works2 versiones 1.606G y anteriores, permite a un atacante remoto no autenticado causar una condición de DoS en GX Works2 al conseguir que GX Works2 lea un archivo de programa manipulado de un PLC de Mitsubishi Electric mediante el envío de paquetes maliciosos diseñados para manipular el archivo de programa\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mitsubishielectric:gx_works2:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.606g\",\"matchCriteriaId\":\"32F0E13C-4862-4A58-8F16-4E0D925FEA33\"}]}]}],\"references\":[{\"url\":\"https://jvn.jp/vu/JVNVU93019896/index.html\",\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://us-cert.cisa.gov/ics/advisories/icsa-21-350-04\",\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-020_en.pdf\",\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jvn.jp/vu/JVNVU93019896/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://us-cert.cisa.gov/ics/advisories/icsa-21-350-04\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-020_en.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
   },
}

ghsa-jvfx-87xv-97xc

Vulnerability from github

Published

2021-12-18 00:00

Modified

2021-12-28 00:01

Details

Show details on source website

JSON

To clipboard

{
   affected: [],
   aliases: [
      "CVE-2021-20608",
   ],
   database_specific: {
      cwe_ids: [],
      github_reviewed: false,
      github_reviewed_at: null,
      nvd_published_at: "2021-12-17T17:15:00Z",
      severity: "HIGH",
   },
   details: "Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior allows a remote unauthenticated attacker to cause a DoS condition in GX Works2 by getting GX Works2 to read a tampered program file from a Mitsubishi Electric PLC by sending malicious crafted packets to tamper with the program file.",
   id: "GHSA-jvfx-87xv-97xc",
   modified: "2021-12-28T00:01:31Z",
   published: "2021-12-18T00:00:51Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2021-20608",
      },
      {
         type: "WEB",
         url: "https://jvn.jp/vu/JVNVU93019896/index.html",
      },
      {
         type: "WEB",
         url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-04",
      },
      {
         type: "WEB",
         url: "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-020_en.pdf",
      },
   ],
   schema_version: "1.4.0",
   severity: [],
}

fkie_cve-2021-20608

Vulnerability from fkie_nvd

Published

2021-12-17 17:15

Modified

2024-11-21 05:46

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp	https://jvn.jp/vu/JVNVU93019896/index.html	Third Party Advisory
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp	https://us-cert.cisa.gov/ics/advisories/icsa-21-350-04	Third Party Advisory, US Government Resource
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-020_en.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/vu/JVNVU93019896/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://us-cert.cisa.gov/ics/advisories/icsa-21-350-04	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-020_en.pdf	Vendor Advisory

Impacted products

	Vendor	Product	Version
	mitsubishielectric	gx_works2	*

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mitsubishielectric:gx_works2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "32F0E13C-4862-4A58-8F16-4E0D925FEA33",
                     versionEndIncluding: "1.606g",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior allows a remote unauthenticated attacker to cause a DoS condition in GX Works2 by getting GX Works2 to read a tampered program file from a Mitsubishi Electric PLC by sending malicious crafted packets to tamper with the program file.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad de Manejo Inapropiado de la Inconsistencia de los Parámetros de Longitud en Mitsubishi Electric GX Works2 versiones 1.606G y anteriores, permite a un atacante remoto no autenticado causar una condición de DoS en GX Works2 al conseguir que GX Works2 lea un archivo de programa manipulado de un PLC de Mitsubishi Electric mediante el envío de paquetes maliciosos diseñados para manipular el archivo de programa",
      },
   ],
   id: "CVE-2021-20608",
   lastModified: "2024-11-21T05:46:52.040",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-12-17T17:15:11.937",
   references: [
      {
         source: "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://jvn.jp/vu/JVNVU93019896/index.html",
      },
      {
         source: "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-04",
      },
      {
         source: "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-020_en.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://jvn.jp/vu/JVNVU93019896/index.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-04",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-020_en.pdf",
      },
   ],
   sourceIdentifier: "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

gsd-2021-20608

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2021-20608

Aliases

CVE-2021-20608

JSON

To clipboard

{
   GSD: {
      alias: "CVE-2021-20608",
      description: "Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior allows a remote unauthenticated attacker to cause a DoS condition in GX Works2 by getting GX Works2 to read a tampered program file from a Mitsubishi Electric PLC by sending malicious crafted packets to tamper with the program file.",
      id: "GSD-2021-20608",
   },
   gsd: {
      metadata: {
         exploitCode: "unknown",
         remediation: "unknown",
         reportConfidence: "confirmed",
         type: "vulnerability",
      },
      osvSchema: {
         aliases: [
            "CVE-2021-20608",
         ],
         details: "Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior allows a remote unauthenticated attacker to cause a DoS condition in GX Works2 by getting GX Works2 to read a tampered program file from a Mitsubishi Electric PLC by sending malicious crafted packets to tamper with the program file.",
         id: "GSD-2021-20608",
         modified: "2023-12-13T01:23:12.809300Z",
         schema_version: "1.4.0",
      },
   },
   namespaces: {
      "cve.org": {
         CVE_data_meta: {
            ASSIGNER: "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
            ID: "CVE-2021-20608",
            STATE: "PUBLIC",
         },
         affects: {
            vendor: {
               vendor_data: [
                  {
                     product: {
                        product_data: [
                           {
                              product_name: "GX Works2",
                              version: {
                                 version_data: [
                                    {
                                       version_value: "versions 1.606G and prior",
                                    },
                                 ],
                              },
                           },
                        ],
                     },
                     vendor_name: "n/a",
                  },
               ],
            },
         },
         data_format: "MITRE",
         data_type: "CVE",
         data_version: "4.0",
         description: {
            description_data: [
               {
                  lang: "eng",
                  value: "Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior allows a remote unauthenticated attacker to cause a DoS condition in GX Works2 by getting GX Works2 to read a tampered program file from a Mitsubishi Electric PLC by sending malicious crafted packets to tamper with the program file.",
               },
            ],
         },
         problemtype: {
            problemtype_data: [
               {
                  description: [
                     {
                        lang: "eng",
                        value: "Improper Handling of Length Parameter Inconsistency",
                     },
                  ],
               },
            ],
         },
         references: {
            reference_data: [
               {
                  name: "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-020_en.pdf",
                  refsource: "MISC",
                  url: "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-020_en.pdf",
               },
               {
                  name: "https://jvn.jp/vu/JVNVU93019896/index.html",
                  refsource: "MISC",
                  url: "https://jvn.jp/vu/JVNVU93019896/index.html",
               },
               {
                  name: "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-04",
                  refsource: "MISC",
                  url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-04",
               },
            ],
         },
      },
      "nvd.nist.gov": {
         configurations: {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:mitsubishielectric:gx_works2:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "1.606g",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
         cve: {
            CVE_data_meta: {
               ASSIGNER: "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
               ID: "CVE-2021-20608",
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "en",
                     value: "Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior allows a remote unauthenticated attacker to cause a DoS condition in GX Works2 by getting GX Works2 to read a tampered program file from a Mitsubishi Electric PLC by sending malicious crafted packets to tamper with the program file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "en",
                           value: "NVD-CWE-Other",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-04",
                     refsource: "MISC",
                     tags: [
                        "Third Party Advisory",
                        "US Government Resource",
                     ],
                     url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-04",
                  },
                  {
                     name: "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-020_en.pdf",
                     refsource: "MISC",
                     tags: [
                        "Vendor Advisory",
                     ],
                     url: "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-020_en.pdf",
                  },
                  {
                     name: "https://jvn.jp/vu/JVNVU93019896/index.html",
                     refsource: "MISC",
                     tags: [
                        "Third Party Advisory",
                     ],
                     url: "https://jvn.jp/vu/JVNVU93019896/index.html",
                  },
               ],
            },
         },
         impact: {
            baseMetricV2: {
               acInsufInfo: false,
               cvssV2: {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  availabilityImpact: "PARTIAL",
                  baseScore: 5,
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                  version: "2.0",
               },
               exploitabilityScore: 10,
               impactScore: 2.9,
               obtainAllPrivilege: false,
               obtainOtherPrivilege: false,
               obtainUserPrivilege: false,
               severity: "MEDIUM",
               userInteractionRequired: false,
            },
            baseMetricV3: {
               cvssV3: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               exploitabilityScore: 3.9,
               impactScore: 3.6,
            },
         },
         lastModifiedDate: "2021-12-27T18:30Z",
         publishedDate: "2021-12-17T17:15Z",
      },
   },
}

icsa-21-350-04

Vulnerability from csaf_cisa

Published

2021-12-16 00:00

Modified

2021-12-16 00:00

Summary

Mitsubishi Electric GX Works2

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of this vulnerability may cause a denial-of-service condition in GX Works2.

Critical infrastructure sectors

Critical Manufacturing

Countries/areas deployed

Worldwide

Company headquarters location

Japan

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target this vulnerability.

JSON

To clipboard

{
   document: {
      acknowledgments: [
         {
            organization: "Mitsubishi Electric",
            summary: "reporting this vulnerability to CISA",
         },
      ],
      category: "csaf_security_advisory",
      csaf_version: "2.0",
      distribution: {
         text: "Disclosure is not limited",
         tlp: {
            label: "WHITE",
            url: "https://us-cert.cisa.gov/tlp/",
         },
      },
      lang: "en-US",
      notes: [
         {
            category: "general",
            text: "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
            title: "CISA Disclaimer",
         },
         {
            category: "legal_disclaimer",
            text: "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
            title: "Legal Notice",
         },
         {
            category: "summary",
            text: "Successful exploitation of this vulnerability may cause a denial-of-service condition in GX Works2.",
            title: "Risk evaluation",
         },
         {
            category: "other",
            text: "Critical Manufacturing",
            title: "Critical infrastructure sectors",
         },
         {
            category: "other",
            text: "Worldwide",
            title: "Countries/areas deployed",
         },
         {
            category: "other",
            text: "Japan",
            title: "Company headquarters location",
         },
         {
            category: "general",
            text: "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
            title: "Recommended Practices",
         },
         {
            category: "general",
            text: "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
            title: "Recommended Practices",
         },
         {
            category: "other",
            text: "No known public exploits specifically target this vulnerability.",
            title: "Exploitability",
         },
      ],
      publisher: {
         category: "coordinator",
         contact_details: "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
         name: "CISA",
         namespace: "https://www.cisa.gov/",
      },
      references: [
         {
            category: "self",
            summary: "ICS Advisory ICSA-21-350-04 JSON",
            url: "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-350-04.json",
         },
         {
            category: "self",
            summary: "ICS Advisory ICSA-21-350-04 Web Version",
            url: "https://www.cisa.gov/news-events/ics-advisories/icsa-21-350-04",
         },
         {
            category: "external",
            summary: "Recommended Practices",
            url: "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf",
         },
         {
            category: "external",
            summary: "Recommended Practices",
            url: "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B",
         },
      ],
      title: "Mitsubishi Electric GX Works2",
      tracking: {
         current_release_date: "2021-12-16T00:00:00.000000Z",
         generator: {
            engine: {
               name: "CISA CSAF Generator",
               version: "1.0.0",
            },
         },
         id: "ICSA-21-350-04",
         initial_release_date: "2021-12-16T00:00:00.000000Z",
         revision_history: [
            {
               date: "2021-12-16T00:00:00.000000Z",
               legacy_version: "Initial",
               number: "1",
               summary: "ICSA-21-350-04 Mitsubishi GX Works2",
            },
         ],
         status: "final",
         version: "1",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version_range",
                        name: "<= 1.606G",
                        product: {
                           name: "GX Works2: Versions 1.606G and prior",
                           product_id: "CSAFPID-0001",
                        },
                     },
                  ],
                  category: "product_name",
                  name: "GX Works2",
               },
            ],
            category: "vendor",
            name: "Mitsubishi Electric",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2021-20608",
         cwe: {
            id: "CWE-130",
            name: "Improper Handling of Length Parameter Inconsistency",
         },
         notes: [
            {
               category: "summary",
               text: "If an attacker tampers with a program file in a Mitsubishi Electric PLC by sending malicious crafted packets to the PLC, reading the program file into GX Works2, the engineering software incorrectly handles a length field that is inconsistent with the actual length of the associated data, which could result in a denial-of-service condition in the software.CVE-2021-20608 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H).",
               title: "Vulnerability Summary",
            },
         ],
         product_status: {
            known_affected: [
               "CSAFPID-0001",
            ],
         },
         references: [
            {
               category: "external",
               summary: "web.nvd.nist.gov",
               url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20608",
            },
            {
               category: "external",
               summary: "www.first.org",
               url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "GX Works2, version 1.610L or later",
               product_ids: [
                  "CSAFPID-0001",
               ],
               url: "https://www.mitsubishielectric.com/fa/#software",
            },
            {
               category: "mitigation",
               details: "Unzip the downloaded file (zip format).",
               product_ids: [
                  "CSAFPID-0001",
               ],
            },
            {
               category: "mitigation",
               details: "Run \"setup.exe\" in the extracted folder to install.",
               product_ids: [
                  "CSAFPID-0001",
               ],
            },
            {
               category: "mitigation",
               details: "Restrict the connection of all control system devices and systems to the network so  they can only be accessed from trusted networks and hosts.",
               product_ids: [
                  "CSAFPID-0001",
               ],
            },
            {
               category: "mitigation",
               details: "Locate control system networks and remote devices behind firewalls and isolate them from the business network.",
               product_ids: [
                  "CSAFPID-0001",
               ],
            },
            {
               category: "mitigation",
               details: "Use virtual private network (VPN) when remote access to Mitsubishi Electric PLC is required.",
               product_ids: [
                  "CSAFPID-0001",
               ],
            },
            {
               category: "mitigation",
               details: "For specific update instructions and additional details see the Mitsubishi Electric advisory.",
               product_ids: [
                  "CSAFPID-0001",
               ],
               url: "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-020_en.pdf",
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
               products: [
                  "CSAFPID-0001",
               ],
            },
         ],
      },
   ],
}

ICSA-21-350-04

Vulnerability from csaf_cisa

Published

2021-12-16 00:00

Modified

2021-12-16 00:00

Summary

Mitsubishi Electric GX Works2

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

Risk evaluation

Successful exploitation of this vulnerability may cause a denial-of-service condition in GX Works2.

Critical infrastructure sectors

Critical Manufacturing

Countries/areas deployed

Worldwide

Company headquarters location

Japan

Recommended Practices

Exploitability

No known public exploits specifically target this vulnerability.

JSON

To clipboard

{
   document: {
      acknowledgments: [
         {
            organization: "Mitsubishi Electric",
            summary: "reporting this vulnerability to CISA",
         },
      ],
      category: "csaf_security_advisory",
      csaf_version: "2.0",
      distribution: {
         text: "Disclosure is not limited",
         tlp: {
            label: "WHITE",
            url: "https://us-cert.cisa.gov/tlp/",
         },
      },
      lang: "en-US",
      notes: [
         {
            category: "general",
            text: "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
            title: "CISA Disclaimer",
         },
         {
            category: "legal_disclaimer",
            text: "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
            title: "Legal Notice",
         },
         {
            category: "summary",
            text: "Successful exploitation of this vulnerability may cause a denial-of-service condition in GX Works2.",
            title: "Risk evaluation",
         },
         {
            category: "other",
            text: "Critical Manufacturing",
            title: "Critical infrastructure sectors",
         },
         {
            category: "other",
            text: "Worldwide",
            title: "Countries/areas deployed",
         },
         {
            category: "other",
            text: "Japan",
            title: "Company headquarters location",
         },
         {
            category: "general",
            text: "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
            title: "Recommended Practices",
         },
         {
            category: "general",
            text: "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
            title: "Recommended Practices",
         },
         {
            category: "other",
            text: "No known public exploits specifically target this vulnerability.",
            title: "Exploitability",
         },
      ],
      publisher: {
         category: "coordinator",
         contact_details: "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
         name: "CISA",
         namespace: "https://www.cisa.gov/",
      },
      references: [
         {
            category: "self",
            summary: "ICS Advisory ICSA-21-350-04 JSON",
            url: "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-350-04.json",
         },
         {
            category: "self",
            summary: "ICS Advisory ICSA-21-350-04 Web Version",
            url: "https://www.cisa.gov/news-events/ics-advisories/icsa-21-350-04",
         },
         {
            category: "external",
            summary: "Recommended Practices",
            url: "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf",
         },
         {
            category: "external",
            summary: "Recommended Practices",
            url: "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B",
         },
      ],
      title: "Mitsubishi Electric GX Works2",
      tracking: {
         current_release_date: "2021-12-16T00:00:00.000000Z",
         generator: {
            engine: {
               name: "CISA CSAF Generator",
               version: "1.0.0",
            },
         },
         id: "ICSA-21-350-04",
         initial_release_date: "2021-12-16T00:00:00.000000Z",
         revision_history: [
            {
               date: "2021-12-16T00:00:00.000000Z",
               legacy_version: "Initial",
               number: "1",
               summary: "ICSA-21-350-04 Mitsubishi GX Works2",
            },
         ],
         status: "final",
         version: "1",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version_range",
                        name: "<= 1.606G",
                        product: {
                           name: "GX Works2: Versions 1.606G and prior",
                           product_id: "CSAFPID-0001",
                        },
                     },
                  ],
                  category: "product_name",
                  name: "GX Works2",
               },
            ],
            category: "vendor",
            name: "Mitsubishi Electric",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2021-20608",
         cwe: {
            id: "CWE-130",
            name: "Improper Handling of Length Parameter Inconsistency",
         },
         notes: [
            {
               category: "summary",
               text: "If an attacker tampers with a program file in a Mitsubishi Electric PLC by sending malicious crafted packets to the PLC, reading the program file into GX Works2, the engineering software incorrectly handles a length field that is inconsistent with the actual length of the associated data, which could result in a denial-of-service condition in the software.CVE-2021-20608 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H).",
               title: "Vulnerability Summary",
            },
         ],
         product_status: {
            known_affected: [
               "CSAFPID-0001",
            ],
         },
         references: [
            {
               category: "external",
               summary: "web.nvd.nist.gov",
               url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20608",
            },
            {
               category: "external",
               summary: "www.first.org",
               url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "GX Works2, version 1.610L or later",
               product_ids: [
                  "CSAFPID-0001",
               ],
               url: "https://www.mitsubishielectric.com/fa/#software",
            },
            {
               category: "mitigation",
               details: "Unzip the downloaded file (zip format).",
               product_ids: [
                  "CSAFPID-0001",
               ],
            },
            {
               category: "mitigation",
               details: "Run \"setup.exe\" in the extracted folder to install.",
               product_ids: [
                  "CSAFPID-0001",
               ],
            },
            {
               category: "mitigation",
               details: "Restrict the connection of all control system devices and systems to the network so  they can only be accessed from trusted networks and hosts.",
               product_ids: [
                  "CSAFPID-0001",
               ],
            },
            {
               category: "mitigation",
               details: "Locate control system networks and remote devices behind firewalls and isolate them from the business network.",
               product_ids: [
                  "CSAFPID-0001",
               ],
            },
            {
               category: "mitigation",
               details: "Use virtual private network (VPN) when remote access to Mitsubishi Electric PLC is required.",
               product_ids: [
                  "CSAFPID-0001",
               ],
            },
            {
               category: "mitigation",
               details: "For specific update instructions and additional details see the Mitsubishi Electric advisory.",
               product_ids: [
                  "CSAFPID-0001",
               ],
               url: "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-020_en.pdf",
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
               products: [
                  "CSAFPID-0001",
               ],
            },
         ],
      },
   ],
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2021-20608 (GCVE-0-2021-20608)

Vulnerability from cvelistv5

ghsa-jvfx-87xv-97xc

Vulnerability from github

fkie_cve-2021-20608

Vulnerability from fkie_nvd

gsd-2021-20608

Vulnerability from gsd

icsa-21-350-04

Vulnerability from csaf_cisa

ICSA-21-350-04

Vulnerability from csaf_cisa

Tags

Sightings

Nomenclature