Description
Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions 5.4 and prior allows an attacker to cause a DoS condition in the software by getting a user to open malicious project file specially crafted by an attacker.
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-021_en.pdf
Patch, Third Party Advisory x_refsource_misc
https://jvn.jp/vu/JVNVU93817405/index.html
Third Party Advisory, US Government Resource x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/icsa-21-350-05
Scores
CVSS v3
5.5
EPSS
0.0015
EPSS Percentile
35.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-125
Status
published
Products (3)
mitsubishielectric/ezsocket
< 5.4
mitsubishielectric/gx_works2
< 1.606g
mitsubishielectric/melsoft_navigator
Published
Dec 17, 2021
Tracked Since
Feb 18, 2026