mitsubishi gt27_firmware 内存缓冲区边界内操作的限制不恰当

CVE编号

CVE-2021-20589

利用情况

暂无

补丁情况

N/A

披露时间

2021-05-19

漏洞描述

Buffer access with incorrect length value vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.38.000, GT25 model communication driver versions 01.19.000 through 01.38.000, GT23 model communication driver versions 01.19.000 through 01.38.000 and GT21 model communication driver versions 01.21.000 through 01.39.000, GOT SIMPLE series GS21 model communication driver versions 01.21.000 through 01.39.000, GT SoftGOT2000 versions 1.170C through 1.250L and Tension Controller LE7-40GU-L Screen package data for MODBUS/TCP V1.00 allows a remote unauthenticated attacker to stop the communication function of the products via specially crafted packets.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://jvn.jp/vu/JVNVU99895108/index.html
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-002_en.pdf

受影响软件情况

#	类型	厂商	产品	版本	影响面
1
	运行在以下环境
	系统	mitsubishi	gs21_firmware	*	From (including) 01.21.000	Up to (including) 01.39.000
	运行在以下环境
	系统	mitsubishi	gt21_firmware	*	From (including) 01.21.000	Up to (including) 01.39.000
	运行在以下环境
	系统	mitsubishi	gt23_firmware	*	From (including) 01.19.000	Up to (including) 01.38.000
	运行在以下环境
	系统	mitsubishi	gt25_firmware	*	From (including) 01.19.000	Up to (including) 01.38.000
	运行在以下环境
	系统	mitsubishi	gt27_firmware	*	From (including) 01.19.000	Up to (including) 01.38.000
	运行在以下环境
	系统	mitsubishi	gt_softgot2000_firmware	*	From (including) 1.170c	Up to (including) 1.250l
	运行在以下环境
	硬件	mitsubishi	gs21	-	-
	运行在以下环境
	硬件	mitsubishi	gt21	-	-
	运行在以下环境
	硬件	mitsubishi	gt23	-	-
	运行在以下环境
	硬件	mitsubishi	gt25	-	-
	运行在以下环境
	硬件	mitsubishi	gt27	-	-
	运行在以下环境
	硬件	mitsubishi	gt_softgot2000	-	-

CVSS3评分 7.5

• 攻击路径 网络
• 攻击复杂度 低
• 权限要求 无
• 影响范围 未更改
• 用户交互 无
• 可用性 高
• 保密性 无
• 完整性 无

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-ID	漏洞类型
CWE-119	内存缓冲区边界内操作的限制不恰当

Exp相关链接

- avd.aliyun.com