| |
Vulnerability CVE-2020-5599
Published: 2020-07-07
Description: |
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. |
Type:
CWE-74
CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
10/10 |
10/10 |
10/10 |
Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
Confidentiality impact |
Integrity impact |
Availability impact |
Complete |
Complete |
Complete |
References: |
https://jvn.jp/en/vu/JVNVU95413676/index.html
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf
|
|
|
Copyright 2024, cxsecurity.com
|
|
|