CVE-2021-20592

Name of the Vulnerable Software and Affected Versions: GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010 GOT2000 series GT25 model communication driver versions 01.19.000 through 01.39.010 GOT2000 series GT23 model communication driver versions 01.19.000 through 01.39.010 GT SoftGOT2000 versions 1.170C through 1.256S

Description: A missing synchronization issue in the communication driver allows a remote unauthenticated attacker to cause a Denial of Service (DoS) condition on the MODBUS/TCP slave communication function by rapidly and repeatedly connecting and disconnecting to and from the MODBUS/TCP communication port on a target. Restart or reset is required to recover.

Recommendations: For GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, update to a version outside of this range to resolve the issue. For GOT2000 series GT25 model communication driver versions 01.19.000 through 01.39.010, update to a version outside of this range to resolve the issue. For GOT2000 series GT23 model communication driver versions 01.19.000 through 01.39.010, update to a version outside of this range to resolve the issue. For GT SoftGOT2000 versions 1.170C through 1.256S, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the MODBUS/TCP communication port to minimize the risk of exploitation.