CVE-2021-20601

HIGH

Mitsubishi Electric GOT2000 and GT SoftGOT2000 - Unauthenticated Improper Input Validation via Malicious Packet

Title source: llm

Description

Improper input validation vulnerability in GOT2000 series GT27 model all versions, GOT2000 series GT25 model all versions, GOT2000 series GT23 model all versions, GOT2000 series GT21 model all versions, GOT SIMPLE series GS21 model all versions, and GT SoftGOT2000 all versions allows a remote unauthenticated attacker to write a value that exceeds the configured input range limit by sending a malicious packet to rewrite the device value. As a result, the system operation may be affected, such as malfunction.

References (3)

Core References
Third Party Advisory x_refsource_misc
https://jvn.jp/vu/JVNVU98072504
Third Party Advisory, US Government Resource x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/icsa-21-320-02

Scores

CVSS v3 7.5
EPSS 0.0037
EPSS Percentile 58.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE CWE-20
Status published
Products (50)
mitsubishielectric/got2000_gt2103-pmbd_firmware
mitsubishielectric/got2000_gt2103-pmbds2_firmware
mitsubishielectric/got2000_gt2103-pmbds_firmware
mitsubishielectric/got2000_gt2103-pmbls_firmware
mitsubishielectric/got2000_gt2104-rtbd_firmware
mitsubishielectric/got2000_gt2107-wtbd_firmware
mitsubishielectric/got2000_gt2308-vtba_firmware
mitsubishielectric/got2000_gt2308-vtbd_firmware
mitsubishielectric/got2000_gt2310-vtba_firmware
mitsubishielectric/got2000_gt2310-vtbd_firmware
... and 40 more
Published Nov 23, 2021
Tracked Since Feb 18, 2026