CVE-2022-40266

Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/vu/JVNVU95633416	Third Party Advisory
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf	Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:mitsubishielectric:got2000_gt27_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:got2000_gt27:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:mitsubishielectric:got2000_gt25_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:got2000_gt25:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:mitsubishielectric:got2000_gt23_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:got2000_gt23:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-11-24 09:15

Updated : 2024-02-28 19:51

NVD link : CVE-2022-40266

Mitre link : CVE-2022-40266

CVE.ORG link : CVE-2022-40266

JSON object : View

Products Affected

mitsubishielectric

got2000_gt23_firmware
got2000_gt25_firmware
got2000_gt25
got2000_gt27
got2000_gt23
got2000_gt27_firmware

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2022-40266", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.6}]}, "published": "2022-11-24T09:15:09.587", "references": [{"url": "https://jvn.jp/vu/JVNVU95633416", "tags": ["Third Party Advisory"], "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"}, {"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf", "tags": ["Mitigation", "Vendor Advisory"], "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command."}, {"lang": "es", "value": "Vulnerabilidad de validaci\u00f3n de entrada incorrecta en el servidor FTP Mitsubishi Electric GOT2000 Serie modelo GT27 versiones 01.39.000 y anteriores, el servidor FTP Mitsubishi Electric GOT2000 Serie modelo GT25 versiones 01.39.000 y anteriores y el servidor FTP Mitsubishi Electric GOT2000 Serie modelo GT23 versiones 01.39.000 y anteriores lo permite un atacante remoto autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio mediante el env\u00edo de un comando especialmente manipulado."}], "lastModified": "2022-11-30T20:02:17.750", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:got2000_gt27_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91ACCF31-669A-4678-98DD-03B8E2E4A434", "versionEndIncluding": "01.39.000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt27:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "498350D7-F7D7-478E-AD3A-3FE100434649"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:got2000_gt25_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67C7EF57-5EF6-46A6-BB78-5FACC88F8425", "versionEndIncluding": "01.39.000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt25:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "ED2A8FF7-2CFA-4604-A6DE-AE05F7BF1838"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:got2000_gt23_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5EF0C5C9-AF4E-4E31-8B41-06FBC0A7FEC5", "versionEndIncluding": "01.39.000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:got2000_gt23:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "33672A70-DE11-4361-BA1F-48ED15D48FF4"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"}