CVE-2021-20607

EPSS 0.15%
Veröffentlicht 17.12.2021 17:15:11
Zuletzt bearbeitet 21.11.2024 05:46:51
Quelle Mitsubishielectric.Psirt@yd.Mi
CVE-Watchlists
Login
Unerledigt
Login

Integer Underflow vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions 5.4 and prior allows an attacker to cause a DoS condition in the software by getting a user to open malicious project file specially crafted by an attacker.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mitsubishielectric ≫ Ezsocket Version <= 5.4

Mitsubishielectric ≫ Gx Works2 Version <= 1.606g

Mitsubishielectric ≫ Melsoft Navigator

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.324

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-191 Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

https://jvn.jp/vu/JVNVU93817405/index.html

Patch

Third Party Advisory

https://us-cert.cisa.gov/ics/advisories/icsa-21-350-05

Third Party Advisory

US Government Resource

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-021_en.pdf

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-20607

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-20607

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-20607

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-20607