PT-2022-25311 · Mitsubishi · Got2000 Series Gt27+2
Published: 2022-11-24 · Updated: 2022-11-30 · CVE-2022-40266
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior
Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior
Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior
Description
The issue is related to an Improper Input Validation vulnerability in the FTP server of the Mitsubishi Electric GOT2000 Series. This vulnerability allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted commands.
Recommendations
For Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, update to a version later than 01.39.000 to resolve the issue.
For Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior, update to a version later than 01.39.000 to resolve the issue.
For Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior, update to a version later than 01.39.000 to resolve the issue.
As a temporary workaround, consider restricting access to the FTP server until a patch is available.
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Got2000 Series Gt23
Got2000 Series Gt25
Got2000 Series Gt27