CVE-2021-20607

Published: Dec 17, 2021Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Integer Underflow vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions 5.4 and prior allows an attacker to cause a DoS condition in the software by getting a user to open malicious project file specially crafted by an attacker.

Affected (3)

Products: Mitsubishielectric: Ezsocket, Gx Works2, Melsoft Navigator

Mitsubishielectric

3 products

Melsoft Navigator

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Mitsubishielectric Ezsocket	Up to 5.4
Mitsubishielectric Gx Works2	Up to 1.606g
Mitsubishielectric Melsoft Navigator	All versions

Related CWEs

Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

References (6)

https://jvn.jp/vu/JVNVU93817405/index.html

Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

PatchThird Party Advisory

https://us-cert.cisa.gov/ics/advisories/icsa-21-350-05

Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Third Party AdvisoryUS Government Resource

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-021_en.pdf

Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

PatchVendor Advisory

https://jvn.jp/vu/JVNVU93817405/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://us-cert.cisa.gov/ics/advisories/icsa-21-350-05

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-021_en.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.