Sign-up

ID

VAR-202007-1223


CVE

CVE-2020-5595


TITLE

Made by Mitsubishi Electric GOT2000 Of the series TCP/IP Multiple vulnerabilities in functionality

Trust: 0.8

sources: JVNDB: JVNDB-2020-006469

DESCRIPTION

TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series of graphic operation terminals from Mitsubishi Electric of Japan. CoreOS Y and earlier versions in Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have a buffer overflow vulnerability. Attackers can use this vulnerability to cause the device to crash and execute code

Trust: 2.16

sources: NVD: CVE-2020-5595 // JVNDB: JVNDB-2020-006469 // CNVD: CNVD-2020-38411

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-38411

AFFECTED PRODUCTS

vendor:mitsubishielectricmodel:coreosscope:lteversion:y

Trust: 1.0

vendor:mitsubishi electricmodel:gt23 modelscope: - version: -

Trust: 0.8

vendor:mitsubishi electricmodel:gt25 modelscope: - version: -

Trust: 0.8

vendor:mitsubishi electricmodel:gt27 modelscope: - version: -

Trust: 0.8

vendor:mitsubishimodel:electric gt23 modelscope: - version: -

Trust: 0.6

vendor:mitsubishimodel:electric gt25 modelscope: - version: -

Trust: 0.6

vendor:mitsubishimodel:electric gt27 modelscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-38411 // JVNDB: JVNDB-2020-006469 // NVD: CVE-2020-5595

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-5595
value: CRITICAL

Trust: 1.0

IPA: JVNDB-2020-006469
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-38411
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202007-304
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-5595
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2020-38411
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-5595
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

IPA score: JVNDB-2020-006469
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-38411 // JVNDB: JVNDB-2020-006469 // CNNVD: CNNVD-202007-304 // NVD: CVE-2020-5595

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:CWE-476

Trust: 0.8

problemtype:CWE-384

Trust: 0.8

problemtype:CWE-119

Trust: 0.8

problemtype:CWE-399

Trust: 0.8

problemtype:CWE-88

Trust: 0.8

problemtype:CWE-284

Trust: 0.8

sources: JVNDB: JVNDB-2020-006469 // NVD: CVE-2020-5595

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-304

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202007-304

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-006469

PATCH
title:GOT2000シリーズにおけるTCP/IPスタックの複数の脆弱性url:https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-005.pdf
Trust: 0.8
title:Patch for Buffer overflow vulnerabilities in multiple Mitsubishi Electric productsurl:https://www.cnvd.org.cn/patchInfo/show/248901
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-38411 // 
            
            
            
            JVNDB: JVNDB-2020-006469

EXTERNAL IDS
db:NVDid:CVE-2020-5595
Trust: 3.0
db:JVNid:JVNVU95413676
Trust: 2.4
db:ICS CERTid:ICSA-20-189-02
Trust: 2.0
db:JVNDBid:JVNDB-2020-006469
Trust: 1.4
db:CNVDid:CNVD-2020-38411
Trust: 0.6
db:AUSCERTid:ESB-2020.2312
Trust: 0.6
db:CNNVDid:CNNVD-202007-304
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-38411 // 
            
            
            
            JVNDB: JVNDB-2020-006469 // 
            
            
            
            CNNVD: CNNVD-202007-304 // 
            
            
            
            NVD: CVE-2020-5595

REFERENCES
url:https://us-cert.cisa.gov/ics/advisories/icsa-20-189-02
Trust: 2.0
url:https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf
Trust: 1.6
url:https://jvn.jp/en/vu/jvnvu95413676/index.html
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5598
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5599
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5600
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5595
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5596
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5597
Trust: 0.8
url:https://jvn.jp/vu/jvnvu95413676/index.html
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-5595
Trust: 0.6
url:https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-006469.html
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.2312/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-38411 // 
            
            
            
            JVNDB: JVNDB-2020-006469 // 
            
            
            
            CNNVD: CNNVD-202007-304 // 
            
            
            
            NVD: CVE-2020-5595

SOURCES
db:CNVDid:CNVD-2020-38411
db:JVNDBid:JVNDB-2020-006469
db:CNNVDid:CNNVD-202007-304
db:NVDid:CVE-2020-5595

LAST UPDATE DATE
2024-11-23T22:05:45.679000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-38411date:2021-02-23T00:00:00
db:JVNDBid:JVNDB-2020-006469date:2020-07-09T00:00:00
db:CNNVDid:CNNVD-202007-304date:2020-07-15T00:00:00
db:NVDid:CVE-2020-5595date:2024-11-21T05:34:20

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-38411date:2020-07-13T00:00:00
db:JVNDBid:JVNDB-2020-006469date:2020-07-09T00:00:00
db:CNNVDid:CNNVD-202007-304date:2020-07-07T00:00:00
db:NVDid:CVE-2020-5595date:2020-07-07T09:15:10.057