CVE-2022-40266
MEDIUMMitsubishi Electric GOT2000 Series GT27/GT25/GT23 Firmware < 01.39.000 - Authenticated Denial of Service via FTP Command
Title source: llmDescription
Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command.
References (2)
Core 2
Core References
Third Party Advisory
https://jvn.jp/vu/JVNVU95633416
Mitigation, Vendor Advisory
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf
Scores
CVSS v3
5.3
EPSS
0.0048
EPSS Percentile
65.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-20
Status
published
Products (3)
mitsubishielectric/got2000_gt23_firmware
< 01.39.000
mitsubishielectric/got2000_gt25_firmware
< 01.39.000
mitsubishielectric/got2000_gt27_firmware
< 01.39.000
Published
Nov 24, 2022
Tracked Since
Feb 18, 2026