5.5

CVE-2021-20606

EPSS 0.15%
Veröffentlicht 17.12.2021 17:15:11
Zuletzt bearbeitet 21.11.2024 05:46:51
Quelle Mitsubishielectric.Psirt@yd.Mi
CVE-Watchlists
Login
Unerledigt
Login

Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions 5.4 and prior allows an attacker to cause a DoS condition in the software by getting a user to open malicious project file specially crafted by an attacker.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mitsubishielectric ≫ Ezsocket Version <= 5.4

Mitsubishielectric ≫ Gx Works2 Version <= 1.606g

Mitsubishielectric ≫ Melsoft Navigator

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.324

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://jvn.jp/vu/JVNVU93817405/index.html

Patch

Third Party Advisory

https://us-cert.cisa.gov/ics/advisories/icsa-21-350-05

Third Party Advisory

US Government Resource

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-021_en.pdf

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-20606

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-20606

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-20606

EUVD