Vulnerabilities > CVE-2020-5598 - Incorrect Authorization vulnerability in Mitsubishielectric Coreos 05.65.00.Bd/Y

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

mitsubishielectric

CWE-863

NVD

Published: 2020-07-07

Updated: 2021-07-21

Summary

TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may which may allow a remote attacker tobypass access restriction and stop the network functions of the products or execute a malicious program via a specially crafted packet.

Vulnerable Configurations

Part	Description	Count
OS	Mitsubishielectric Mitsubishielectric Coreos - Mitsubishielectric Coreos 05.65.00.Bd Mitsubishielectric Coreos Y	3
Hardware	Mitsubishielectric Mitsubishielectric Got2000 Gt23 - Mitsubishielectric Got2000 Gt25 - Mitsubishielectric Got2000 Gt27 -	3

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References