PT-2023-9782 · Mitsubishi · Got Simple Series+1

Published: 2023-08-03 · Updated: 2023-08-10 · CVE-2023-3373

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior
Mitsubishi Electric Corporation GOT SIMPLE Series GS21 model versions 01.49.000 and prior

Description

The issue is related to a Predictable Exact Value from Previous Values vulnerability, which allows a remote unauthenticated attacker to hijack data connections or prevent legitimate users from establishing data connections. This can be achieved by guessing the listening port of the data connection on the FTP server and connecting to it, potentially leading to session hijacking or a Denial of Service (DoS) condition.

Recommendations

For Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior: update to a version later than 01.49.000 to resolve the issue.
For Mitsubishi Electric Corporation GOT SIMPLE Series GS21 model versions 01.49.000 and prior: update to a version later than 01.49.000 to resolve the issue.
As a temporary workaround, consider restricting access to the FTP server to minimize the risk of exploitation.
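
Until the update is applied, the condition in the description can be monitored for: a peer other than the control-connection client connecting to an announced FTP data port. The following is an added example, not code from the advisory or the vendor; the event tuple format, addresses and ports are constructed, and treating a constant port stride as the sign of predictability is an assumption, since the advisory does not state the allocation pattern.

```python
import re

# RFC 959 passive-mode reply: 227 ... (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv(reply):
    """Return (ip, port) announced in a 227 reply, or None if malformed."""
    m = PASV_RE.match(reply.strip())
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def audit(events):
    """events: time-ordered (kind, peer_ip, payload) tuples seen at the server.
    kind 'ctrl': payload is a reply line sent to control client peer_ip.
    kind 'data': payload is the server port that peer_ip connected to."""
    pending, ports, alerts = {}, [], []
    for kind, peer, payload in events:
        if kind == "ctrl":
            parsed = parse_pasv(payload)
            if parsed:
                pending[parsed[1]] = peer      # only this client should connect
                ports.append(parsed[1])
        elif kind == "data":
            expected = pending.get(payload)
            if expected is None:
                alerts.append(("unannounced_port", payload, peer, None))
            elif peer != expected:
                alerts.append(("foreign_peer", payload, peer, expected))
            else:
                del pending[payload]           # legitimate transfer, port consumed
    strides = [b - a for a, b in zip(ports, ports[1:])]
    # Assumption: a constant stride is one simple form of a predictable port.
    constant = len(strides) >= 2 and len(set(strides)) == 1
    return {"strides": strides, "constant_stride": constant, "alerts": alerts}

# Constructed sample events (addresses and ports are illustrative only).
SAMPLE = [
    ("ctrl", "10.0.0.5", "227 Entering Passive Mode (10,0,0,20,4,1)"),
    ("data", "10.0.0.5", 1025),
    ("ctrl", "10.0.0.5", "227 Entering Passive Mode (10,0,0,20,4,2)"),
    ("data", "10.0.0.99", 1026),   # peer differs from the control client
    ("ctrl", "10.0.0.5", "227 Entering Passive Mode (10,0,0,20,4,3)"),
    ("data", "10.0.0.5", 1027),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The peer comparison is only meaningful where the monitor sees the client's real address; behind NAT or an FTP proxy the control and data peers can legitimately differ.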

Fix

Use of Insufficiently Random Values

Weakness Enumeration

Related Identifiers

BDU:2024-10625
CVE-2023-3373

Affected Products

Got Simple Series
Got2000 Series