Sign-up

ID

VAR-202007-1224


CVE

CVE-2020-5596


TITLE

Made by Mitsubishi Electric GOT2000 Of the series TCP/IP Multiple vulnerabilities in functionality

Trust: 0.8

sources: JVNDB: JVNDB-2020-006469

DESCRIPTION

TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series of graphic operation terminals from Mitsubishi Electric of Japan. CoreOS Y and previous versions in Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have authorization issue vulnerabilities. Attackers can use this vulnerability to cause TCP connection failure

Trust: 2.16

sources: NVD: CVE-2020-5596 // JVNDB: JVNDB-2020-006469 // CNVD: CNVD-2020-38410

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-38410

AFFECTED PRODUCTS

vendor:mitsubishielectricmodel:coreosscope:lteversion:y

Trust: 1.0

vendor:mitsubishi electricmodel:gt23 modelscope: - version: -

Trust: 0.8

vendor:mitsubishi electricmodel:gt25 modelscope: - version: -

Trust: 0.8

vendor:mitsubishi electricmodel:gt27 modelscope: - version: -

Trust: 0.8

vendor:mitsubishimodel:electric gt23 modelscope: - version: -

Trust: 0.6

vendor:mitsubishimodel:electric gt25 modelscope: - version: -

Trust: 0.6

vendor:mitsubishimodel:electric gt27 modelscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-38410 // JVNDB: JVNDB-2020-006469 // NVD: CVE-2020-5596

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-5596
value: HIGH

Trust: 1.0

IPA: JVNDB-2020-006469
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-38410
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202007-305
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-5596
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2020-38410
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-5596
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

IPA score: JVNDB-2020-006469
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-38410 // JVNDB: JVNDB-2020-006469 // CNNVD: CNNVD-202007-305 // NVD: CVE-2020-5596

PROBLEMTYPE DATA

problemtype:CWE-384

Trust: 1.8

problemtype:CWE-476

Trust: 0.8

problemtype:CWE-119

Trust: 0.8

problemtype:CWE-399

Trust: 0.8

problemtype:CWE-88

Trust: 0.8

problemtype:CWE-284

Trust: 0.8

sources: JVNDB: JVNDB-2020-006469 // NVD: CVE-2020-5596

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-305

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202007-305

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-006469

PATCH
title:GOT2000シリーズにおけるTCP/IPスタックの複数の脆弱性url:https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-005.pdf
Trust: 0.8
title:Patch for Multiple Mitsubishi Electric product authorization issues and vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/248851
Trust: 0.6
title:Multiple Mitsubishi Electric Product Authorization Issue Vulnerability Fixing Measuresurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123230
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-38410 // 
            
            
            
            JVNDB: JVNDB-2020-006469 // 
            
            
            
            CNNVD: CNNVD-202007-305

EXTERNAL IDS
db:NVDid:CVE-2020-5596
Trust: 3.0
db:JVNid:JVNVU95413676
Trust: 2.4
db:ICS CERTid:ICSA-20-189-02
Trust: 2.0
db:JVNDBid:JVNDB-2020-006469
Trust: 1.4
db:CNVDid:CNVD-2020-38410
Trust: 0.6
db:AUSCERTid:ESB-2020.2312
Trust: 0.6
db:CNNVDid:CNNVD-202007-305
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-38410 // 
            
            
            
            JVNDB: JVNDB-2020-006469 // 
            
            
            
            CNNVD: CNNVD-202007-305 // 
            
            
            
            NVD: CVE-2020-5596

REFERENCES
url:https://us-cert.cisa.gov/ics/advisories/icsa-20-189-02
Trust: 2.0
url:https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf
Trust: 1.6
url:https://jvn.jp/en/vu/jvnvu95413676/index.html
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5598
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5599
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5600
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5595
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5596
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5597
Trust: 0.8
url:https://jvn.jp/vu/jvnvu95413676/index.html
Trust: 0.8
url:https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-006469.html
Trust: 0.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-5596
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.2312/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-38410 // 
            
            
            
            JVNDB: JVNDB-2020-006469 // 
            
            
            
            CNNVD: CNNVD-202007-305 // 
            
            
            
            NVD: CVE-2020-5596

SOURCES
db:CNVDid:CNVD-2020-38410
db:JVNDBid:JVNDB-2020-006469
db:CNNVDid:CNNVD-202007-305
db:NVDid:CVE-2020-5596

LAST UPDATE DATE
2024-11-23T22:05:45.706000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-38410date:2021-02-23T00:00:00
db:JVNDBid:JVNDB-2020-006469date:2020-07-09T00:00:00
db:CNNVDid:CNNVD-202007-305date:2020-07-15T00:00:00
db:NVDid:CVE-2020-5596date:2024-11-21T05:34:20.100

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-38410date:2020-07-13T00:00:00
db:JVNDBid:JVNDB-2020-006469date:2020-07-09T00:00:00
db:CNNVDid:CNNVD-202007-305date:2020-07-07T00:00:00
db:NVDid:CVE-2020-5596date:2020-07-07T09:15:10.153