![]() Mitsubishi Electric reported this vulnerability to CISA. CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing.A CVSS v3 base score of 5.3 has been calculated the CVSS vector string is ( AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H). If an attacker tampers with a program file in a Mitsubishi Electric PLC by sending malicious crafted packets to the PLC, reading the program file into GX Works2, the engineering software incorrectly handles a length field that is inconsistent with the actual length of the associated data, which could result in a denial-of-service condition in the software.ĬVE-2021-20608 has been assigned to this vulnerability. The following versions of GX Works2, an engineering software suite, are affected:ģ.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER HANDLING OF LENGTH PARAMETER INCONSISTENCY CWE-130 Successful exploitation of this vulnerability may cause a denial-of-service condition in GX Works2. Vulnerability: Improper Handling of Length Parameter Inconsistency.ATTENTION: Exploitable remotely/high attack complexity.
0 Comments
Leave a Reply. |