CVE-2021-20592
HIGHMitsubishi Electric GOT2000 Series and GT SoftGOT2000 - Denial of Service via MODBUS/TCP Connection Flood
Title source: llmDescription
Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions 1.170C through 1.256S allows a remote unauthenticated attacker to cause DoS condition on the MODBUS/TCP slave communication function of the products by rapidly and repeatedly connecting and disconnecting to and from the MODBUS/TCP communication port on a target. Restart or reset is required to recover.
References (2)
Core 2
Core References
Various Sources x_refsource_misc
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-007_en.pdf
Third Party Advisory x_refsource_misc
https://jvn.jp/vu/JVNVU92414172/index.html
Scores
CVSS v3
7.5
EPSS
0.0150
EPSS Percentile
70.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-662
Status
published
Products (4)
mitsubishielectric/got2000_gt23_firmware
01.19.000 - 01.39.010
mitsubishielectric/got2000_gt25_firmware
01.19.000 - 01.39.010
mitsubishielectric/got2000_gt27_firmware
01.19.000 - 01.39.010
mitsubishielectric/gt_softgot2000
1.170c - 1.256s
Published
Aug 05, 2021
Tracked Since
Feb 18, 2026