Vulnerabilities > Mitsubishielectric > Coreos > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-11-06 CVE-2020-5649 Resource Exhaustion vulnerability in Mitsubishielectric Coreos 05.65.00.Bd
Resource management error vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.
network
low complexity
mitsubishielectric CWE-400
5.0
2020-11-06 CVE-2020-5648 Argument Injection or Modification vulnerability in Mitsubishielectric Coreos
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet.
network
low complexity
mitsubishielectric CWE-88
6.5
2020-11-06 CVE-2020-5646 NULL Pointer Dereference vulnerability in Mitsubishielectric Coreos
NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.
network
low complexity
mitsubishielectric CWE-476
5.0
2020-11-06 CVE-2020-5645 Session Fixation vulnerability in Mitsubishielectric Coreos
Session fixation vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.
network
low complexity
mitsubishielectric CWE-384
5.0
2020-07-07 CVE-2020-5600 Resource Exhaustion vulnerability in Mitsubishielectric Coreos 05.65.00.Bd/Y
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
network
low complexity
mitsubishielectric CWE-400
5.0
2020-07-07 CVE-2020-5598 Incorrect Authorization vulnerability in Mitsubishielectric Coreos 05.65.00.Bd/Y
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may which may allow a remote attacker tobypass access restriction and stop the network functions of the products or execute a malicious program via a specially crafted packet.
network
low complexity
mitsubishielectric CWE-863
5.0
2020-07-07 CVE-2020-5597 NULL Pointer Dereference vulnerability in Mitsubishielectric Coreos Y
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
network
low complexity
mitsubishielectric CWE-476
5.0
2020-07-07 CVE-2020-5596 Session Fixation vulnerability in Mitsubishielectric Coreos Y
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
network
low complexity
mitsubishielectric CWE-384
5.0