CVE-2021-20606

Published: Dec 17, 2021Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions 5.4 and prior allows an attacker to cause a DoS condition in the software by getting a user to open malicious project file specially crafted by an attacker.

Affected (3)

Products: Mitsubishielectric: Ezsocket, Gx Works2, Melsoft Navigator

Mitsubishielectric

3 products

Melsoft Navigator

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Mitsubishielectric Ezsocket	Up to 5.4
Mitsubishielectric Gx Works2	Up to 1.606g
Mitsubishielectric Melsoft Navigator	All versions

Related CWEs

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (6)

https://jvn.jp/vu/JVNVU93817405/index.html

Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

PatchThird Party Advisory

https://us-cert.cisa.gov/ics/advisories/icsa-21-350-05

Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Third Party AdvisoryUS Government Resource

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-021_en.pdf

Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

PatchVendor Advisory

https://jvn.jp/vu/JVNVU93817405/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://us-cert.cisa.gov/ics/advisories/icsa-21-350-05

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-021_en.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.