Sign-up

ID

VAR-202007-1226


CVE

CVE-2020-5598


TITLE

Made by Mitsubishi Electric GOT2000 Of the series TCP/IP Multiple vulnerabilities in functionality

Trust: 0.8

sources: JVNDB: JVNDB-2020-006469

DESCRIPTION

TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may which may allow a remote attacker tobypass access restriction and stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan's Mitsubishi Electric. CoreOS Y and earlier versions of Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have an access control error vulnerability. Attackers can use this vulnerability to access sensitive resources, causing denial of service and device crashes

Trust: 2.25

sources: NVD: CVE-2020-5598 // JVNDB: JVNDB-2020-006469 // CNVD: CNVD-2020-46800 // VULMON: CVE-2020-5598

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-46800

AFFECTED PRODUCTS

vendor:mitsubishielectricmodel:coreosscope:lteversion:y

Trust: 1.0

vendor:mitsubishi electricmodel:gt23 modelscope: - version: -

Trust: 0.8

vendor:mitsubishi electricmodel:gt25 modelscope: - version: -

Trust: 0.8

vendor:mitsubishi electricmodel:gt27 modelscope: - version: -

Trust: 0.8

vendor:mitsubishimodel:electric gt27 modelscope: - version: -

Trust: 0.6

vendor:mitsubishimodel:electric gt25 modelscope: - version: -

Trust: 0.6

vendor:mitsubishimodel:electric gt23 modelscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-46800 // JVNDB: JVNDB-2020-006469 // NVD: CVE-2020-5598

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-5598
value: HIGH

Trust: 1.0

IPA: JVNDB-2020-006469
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-46800
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202007-307
value: HIGH

Trust: 0.6

VULMON: CVE-2020-5598
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-5598
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2020-46800
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-5598
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

IPA score: JVNDB-2020-006469
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-46800 // VULMON: CVE-2020-5598 // JVNDB: JVNDB-2020-006469 // CNNVD: CNNVD-202007-307 // NVD: CVE-2020-5598

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-476

Trust: 0.8

problemtype:CWE-384

Trust: 0.8

problemtype:CWE-119

Trust: 0.8

problemtype:CWE-399

Trust: 0.8

problemtype:CWE-88

Trust: 0.8

problemtype:CWE-284

Trust: 0.8

sources: JVNDB: JVNDB-2020-006469 // NVD: CVE-2020-5598

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-307

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202007-307

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-006469

PATCH
title:GOT2000シリーズにおけるTCP/IPスタックの複数の脆弱性url:https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-005.pdf
Trust: 0.8
title:Patch for Access control error vulnerabilities in multiple Mitsubishi Electric productsurl:https://www.cnvd.org.cn/patchInfo/show/231115
Trust: 0.6
title:Multiple Mitsubishi Electric Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124076
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-46800 // 
            
            
            
            JVNDB: JVNDB-2020-006469 // 
            
            
            
            CNNVD: CNNVD-202007-307

EXTERNAL IDS
db:NVDid:CVE-2020-5598
Trust: 3.1
db:JVNid:JVNVU95413676
Trust: 2.5
db:ICS CERTid:ICSA-20-189-02
Trust: 2.0
db:JVNDBid:JVNDB-2020-006469
Trust: 1.4
db:CNVDid:CNVD-2020-46800
Trust: 0.6
db:AUSCERTid:ESB-2020.2312
Trust: 0.6
db:CNNVDid:CNNVD-202007-307
Trust: 0.6
db:VULMONid:CVE-2020-5598
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-46800 // 
            
            
            
            VULMON: CVE-2020-5598 // 
            
            
            
            JVNDB: JVNDB-2020-006469 // 
            
            
            
            CNNVD: CNNVD-202007-307 // 
            
            
            
            NVD: CVE-2020-5598

REFERENCES
url:https://us-cert.cisa.gov/ics/advisories/icsa-20-189-02
Trust: 2.0
url:https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf
Trust: 1.7
url:https://jvn.jp/en/vu/jvnvu95413676/index.html
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5598
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5599
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5600
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5595
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5596
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5597
Trust: 0.8
url:https://jvn.jp/vu/jvnvu95413676/index.html
Trust: 0.8
url:https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-006469.html
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.2312/
Trust: 0.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-5598
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-46800 // 
            
            
            
            VULMON: CVE-2020-5598 // 
            
            
            
            JVNDB: JVNDB-2020-006469 // 
            
            
            
            CNNVD: CNNVD-202007-307 // 
            
            
            
            NVD: CVE-2020-5598

SOURCES
db:CNVDid:CNVD-2020-46800
db:VULMONid:CVE-2020-5598
db:JVNDBid:JVNDB-2020-006469
db:CNNVDid:CNNVD-202007-307
db:NVDid:CVE-2020-5598

LAST UPDATE DATE
2024-11-23T22:05:45.595000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-46800date:2020-08-19T00:00:00
db:VULMONid:CVE-2020-5598date:2021-07-21T00:00:00
db:JVNDBid:JVNDB-2020-006469date:2020-07-09T00:00:00
db:CNNVDid:CNNVD-202007-307date:2020-07-15T00:00:00
db:NVDid:CVE-2020-5598date:2024-11-21T05:34:20.297

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-46800date:2020-08-19T00:00:00
db:VULMONid:CVE-2020-5598date:2020-07-07T00:00:00
db:JVNDBid:JVNDB-2020-006469date:2020-07-09T00:00:00
db:CNNVDid:CNNVD-202007-307date:2020-07-07T00:00:00
db:NVDid:CVE-2020-5598date:2020-07-07T09:15:10.307