PT-2021-2798 · Mitsubishi · Got2000 Series Gt21+3

Published 2021-04-22 · Updated 2022-05-12 · CVE-2021-20590

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

GOT2000 series GT27 model VNC server versions 01.39.010 and prior
GOT2000 series GT25 model VNC server versions 01.39.010 and prior
GOT2000 series GT21 model GT2107-WTBD VNC server versions 01.40.000 and prior
GOT2000 series GT21 model GT2107-WTSD VNC server versions 01.40.000 and prior
GOT SIMPLE series GS21 model GS2110-WTBD-N VNC server versions 01.40.000 and prior
GOT SIMPLE series GS21 model GS2107-WTBD-N VNC server versions 01.40.000 and prior

Description

The issue is related to improper authentication in the VNC server of certain Mitsubishi Electric graphic operation terminals. This allows a remote unauthenticated attacker to gain unauthorized access via specially crafted packets when the "VNC server" function is used. The vulnerability can be exploited by a remote attacker to obtain unauthorized access to protected information.

Recommendations

For GOT2000 series GT27 model VNC server versions 01.39.010 and prior, update to a version later than 01.39.010.
For GOT2000 series GT25 model VNC server versions 01.39.010 and prior, update to a version later than 01.39.010.
For GOT2000 series GT21 model GT2107-WTBD VNC server versions 01.40.000 and prior, update to a version later than 01.40.000.
For GOT2000 series GT21 model GT2107-WTSD VNC server versions 01.40.000 and prior, update to a version later than 01.40.000.
For GOT SIMPLE series GS21 model GS2110-WTBD-N VNC server versions 01.40.000 and prior, update to a version later than 01.40.000.
For GOT SIMPLE series GS21 model GS2107-WTBD-N VNC server versions 01.40.000 and prior, update to a version later than 01.40.000.

As a temporary workaround, consider disabling the VNC server function until a patch is available.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2021-02343
CVE-2021-20590

Affected Products

Got Simple Series Gs21
Got2000 Series Gt21
Got2000 Series Gt25
Got2000 Series Gt27