CVE-2022-40266

Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command.

CVSS v3.0 6.5 MEDIUM

6.5^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/vu/JVNVU95633416	Third Party Advisory
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf	Mitigation Vendor Advisory

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:mitsubishielectric:got2000_gt27_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:got2000_gt27:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:mitsubishielectric:got2000_gt25_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:got2000_gt25:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:mitsubishielectric:got2000_gt23_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:got2000_gt23:-:*:*:*:*:*:*:*

Information

Published : 2022-11-24 01:15

Updated : 2022-11-30 12:02

NVD link : CVE-2022-40266

Mitre link : CVE-2022-40266

JSON object : View

CWE

CWE-20

Improper Input Validation

Advertisement

Products Affected

mitsubishielectric

got2000_gt23
got2000_gt23_firmware
got2000_gt27
got2000_gt27_firmware
got2000_gt25_firmware
got2000_gt25

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://jvn.jp/vu/JVNVU95633416", "name": "https://jvn.jp/vu/JVNVU95633416", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf", "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf", "tags": ["Mitigation", "Vendor Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-40266", "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}}, "publishedDate": "2022-11-24T09:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:mitsubishielectric:got2000_gt27_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "01.39.000"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:mitsubishielectric:got2000_gt27:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:mitsubishielectric:got2000_gt25_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "01.39.000"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:mitsubishielectric:got2000_gt25:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:mitsubishielectric:got2000_gt23_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "01.39.000"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:mitsubishielectric:got2000_gt23:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-11-30T20:02Z"}