Severity

High

Analysis Summary

Mitsubishi Electric GOT2000 series could allow a remote attacker to execute arbitrary commands on the system, caused by an argument injection flaw in the TCP/IP function. By sending a specially-crafted packet, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

Impact

Denial of service

Affected Vendors

Mitsubishi Electric

Affected Products

• Mitsubishi Electric GOT2000 series GT23 Model
• Mitsubishi Electric GOT2000 series GT25 Model
• Mitsubishi Electric GOT2000 series GT27 Model

Remedition

Refer to Mitsubishi Electric Security Advisory for patch, upgrade or suggested workaround information.

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf