CVE-2022-40266

EUVD-2022-43564
Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
MitsubishiCNA
5.3 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
Affected Products (NVD)
VendorProductVersion
mitsubishielectricgot2000_gt27_firmware
𝑥
≤ 01.39.000
mitsubishielectricgot2000_gt25_firmware
𝑥
≤ 01.39.000
mitsubishielectricgot2000_gt23_firmware
𝑥
≤ 01.39.000
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://jvn.jp/vu/JVNVU95633416
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf
https://jvn.jp/vu/JVNVU95633416
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf