Sign-up

ID

VAR-202007-1228


CVE

CVE-2020-5600


TITLE

Made by Mitsubishi Electric GOT2000 Of the series TCP/IP Multiple vulnerabilities in functionality

Trust: 0.8

sources: JVNDB: JVNDB-2020-006469

DESCRIPTION

TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan's Mitsubishi Electric. CoreOS Y and previous versions of Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have a resource management error vulnerability. Attackers can use this vulnerability to obtain sensitive information

Trust: 2.16

sources: NVD: CVE-2020-5600 // JVNDB: JVNDB-2020-006469 // CNVD: CNVD-2020-46798

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-46798

AFFECTED PRODUCTS

vendor:mitsubishielectricmodel:coreosscope:lteversion:y

Trust: 1.0

vendor:mitsubishi electricmodel:gt23 modelscope: - version: -

Trust: 0.8

vendor:mitsubishi electricmodel:gt25 modelscope: - version: -

Trust: 0.8

vendor:mitsubishi electricmodel:gt27 modelscope: - version: -

Trust: 0.8

vendor:mitsubishimodel:electric gt27 modelscope: - version: -

Trust: 0.6

vendor:mitsubishimodel:electric gt25 modelscope: - version: -

Trust: 0.6

vendor:mitsubishimodel:electric gt23 modelscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-46798 // JVNDB: JVNDB-2020-006469 // NVD: CVE-2020-5600

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-5600
value: HIGH

Trust: 1.0

IPA: JVNDB-2020-006469
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-46798
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202007-308
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-5600
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2020-46798
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-5600
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

IPA score: JVNDB-2020-006469
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-46798 // JVNDB: JVNDB-2020-006469 // CNNVD: CNNVD-202007-308 // NVD: CVE-2020-5600

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-476

Trust: 0.8

problemtype:CWE-384

Trust: 0.8

problemtype:CWE-119

Trust: 0.8

problemtype:CWE-399

Trust: 0.8

problemtype:CWE-88

Trust: 0.8

problemtype:CWE-284

Trust: 0.8

sources: JVNDB: JVNDB-2020-006469 // NVD: CVE-2020-5600

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-308

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202007-308

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-006469

PATCH
title:GOT2000シリーズにおけるTCP/IPスタックの複数の脆弱性url:https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-005.pdf
Trust: 0.8
title:Patch for Resource management errors and vulnerabilities in multiple Mitsubishi Electric products (CNVD-2020-46798)url:https://www.cnvd.org.cn/patchInfo/show/231124
Trust: 0.6
title:Multiple Mitsubishi Electric Product resource management error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124077
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-46798 // 
            
            
            
            JVNDB: JVNDB-2020-006469 // 
            
            
            
            CNNVD: CNNVD-202007-308

EXTERNAL IDS
db:NVDid:CVE-2020-5600
Trust: 3.0
db:JVNid:JVNVU95413676
Trust: 2.4
db:ICS CERTid:ICSA-20-189-02
Trust: 2.0
db:JVNDBid:JVNDB-2020-006469
Trust: 1.4
db:CNVDid:CNVD-2020-46798
Trust: 0.6
db:AUSCERTid:ESB-2020.2312
Trust: 0.6
db:CNNVDid:CNNVD-202007-308
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-46798 // 
            
            
            
            JVNDB: JVNDB-2020-006469 // 
            
            
            
            CNNVD: CNNVD-202007-308 // 
            
            
            
            NVD: CVE-2020-5600

REFERENCES
url:https://us-cert.cisa.gov/ics/advisories/icsa-20-189-02
Trust: 2.0
url:https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf
Trust: 1.6
url:https://jvn.jp/en/vu/jvnvu95413676/index.html
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5598
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5599
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5600
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5595
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5596
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5597
Trust: 0.8
url:https://jvn.jp/vu/jvnvu95413676/index.html
Trust: 0.8
url:https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-006469.html
Trust: 0.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-5600
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.2312/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-46798 // 
            
            
            
            JVNDB: JVNDB-2020-006469 // 
            
            
            
            CNNVD: CNNVD-202007-308 // 
            
            
            
            NVD: CVE-2020-5600

SOURCES
db:CNVDid:CNVD-2020-46798
db:JVNDBid:JVNDB-2020-006469
db:CNNVDid:CNNVD-202007-308
db:NVDid:CVE-2020-5600

LAST UPDATE DATE
2024-11-23T22:05:45.626000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-46798date:2020-08-19T00:00:00
db:JVNDBid:JVNDB-2020-006469date:2020-07-09T00:00:00
db:CNNVDid:CNNVD-202007-308date:2020-07-15T00:00:00
db:NVDid:CVE-2020-5600date:2024-11-21T05:34:20.490

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-46798date:2020-08-19T00:00:00
db:JVNDBid:JVNDB-2020-006469date:2020-07-09T00:00:00
db:CNNVDid:CNNVD-202007-308date:2020-07-07T00:00:00
db:NVDid:CVE-2020-5600date:2020-07-07T09:15:10.450