正文

mitsubishi gt27_firmware 内存缓冲区边界内操作的限制不恰当

admin
admin V管理员 /0 评论 /10 阅读
0417
此篇文章发布距今已超过1152天,您需要注意文章的内容或图片是否可用!

CVE编号

CVE-2021-20589

利用情况

暂无

补丁情况

N/A

披露时间

2021-05-19
漏洞描述
Buffer access with incorrect length value vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.38.000, GT25 model communication driver versions 01.19.000 through 01.38.000, GT23 model communication driver versions 01.19.000 through 01.38.000 and GT21 model communication driver versions 01.21.000 through 01.39.000, GOT SIMPLE series GS21 model communication driver versions 01.21.000 through 01.39.000, GT SoftGOT2000 versions 1.170C through 1.250L and Tension Controller LE7-40GU-L Screen package data for MODBUS/TCP V1.00 allows a remote unauthenticated attacker to stop the communication function of the products via specially crafted packets.
解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接
https://jvn.jp/vu/JVNVU99895108/index.html
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-002_en.pdf
受影响软件情况
# 类型 厂商 产品 版本 影响面
1
运行在以下环境
系统 mitsubishi gs21_firmware * From
(including)
01.21.000 		Up to
(including)
01.39.000
运行在以下环境
系统 mitsubishi gt21_firmware * From
(including)
01.21.000 		Up to
(including)
01.39.000
运行在以下环境
系统 mitsubishi gt23_firmware * From
(including)
01.19.000 		Up to
(including)
01.38.000
运行在以下环境
系统 mitsubishi gt25_firmware * From
(including)
01.19.000 		Up to
(including)
01.38.000
运行在以下环境
系统 mitsubishi gt27_firmware * From
(including)
01.19.000 		Up to
(including)
01.38.000
运行在以下环境
系统 mitsubishi gt_softgot2000_firmware * From
(including)
1.170c 		Up to
(including)
1.250l
运行在以下环境
硬件 mitsubishi gs21 - -
运行在以下环境
硬件 mitsubishi gt21 - -
运行在以下环境
硬件 mitsubishi gt23 - -
运行在以下环境
硬件 mitsubishi gt25 - -
运行在以下环境
硬件 mitsubishi gt27 - -
运行在以下环境
硬件 mitsubishi gt_softgot2000 - -
CVSS3评分 7.5
  • 攻击路径 网络
  • 攻击复杂度 低
  • 权限要求 无
  • 影响范围 未更改
  • 用户交互 无
  • 可用性 高
  • 保密性 无
  • 完整性 无
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CWE-ID 漏洞类型 CWE-119 内存缓冲区边界内操作的限制不恰当