Vulnerabilities > CVE-2021-20607 - Integer Underflow (Wrap or Wraparound) vulnerability in Mitsubishielectric Ezsocket, GX Works2 and Melsoft Navigator
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
Integer Underflow vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions 5.4 and prior allows an attacker to cause a DoS condition in the software by getting a user to open malicious project file specially crafted by an attacker.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://jvn.jp/vu/JVNVU93817405/index.html
- https://jvn.jp/vu/JVNVU93817405/index.html
- https://us-cert.cisa.gov/ics/advisories/icsa-21-350-05
- https://us-cert.cisa.gov/ics/advisories/icsa-21-350-05
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-021_en.pdf
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-021_en.pdf