CVE-2022-40266
5.3
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mitsubishi Electric | GOT2000 Series GT27 model | FTP server versions 01.39.000 and prior | affected |
| Mitsubishi Electric | GOT2000 Series GT25 model | FTP server versions 01.39.000 and prior | affected |
| Mitsubishi Electric | GOT2000 Series GT23 model | FTP server versions 01.39.000 and prior | affected |
Weaknesses
- CWE-20: CWE-20 Improper Input Validation
ADP Enrichment
CVE Program Container
Additional References
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf
- https://jvn.jp/vu/JVNVU95633416
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf
- https://jvn.jp/vu/JVNVU95633416
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.