Details of VAR-202006-1867

ID

VAR-202006-1867

TITLE

GX Works2 has a denial of service vulnerability (CNVD-2020-32342)

Trust: 0.6

sources: CNVD: CNVD-2020-32342

DESCRIPTION

GX Works2 is a PLC programming software. GX Works2 has a denial of service vulnerability. The attacker sends a constructed malicious data packet to cause illegal memory access to cause a denial of service, or may execute arbitrary code.

Trust: 0.6

sources: CNVD: CNVD-2020-32342

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.0

sources: IVD: 36995b08-c34c-4627-9225-d2236769d6df // IVD: f84f6c6f-dd59-4766-8a02-e4662084d191 // CNVD: CNVD-2020-32342

AFFECTED PRODUCTS

vendor:

mitsubishi electric automation

model:

gx works2 ver 1591r

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2020-32342

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2020-32342
value:	MEDIUM
Trust: 0.6
IVD:	36995b08-c34c-4627-9225-d2236769d6df
value:	MEDIUM
Trust: 0.2
IVD:	f84f6c6f-dd59-4766-8a02-e4662084d191
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2020-32342
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	36995b08-c34c-4627-9225-d2236769d6df
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	f84f6c6f-dd59-4766-8a02-e4662084d191
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 36995b08-c34c-4627-9225-d2236769d6df // IVD: f84f6c6f-dd59-4766-8a02-e4662084d191 // CNVD: CNVD-2020-32342

TYPE

Denial of service

Trust: 0.4

sources: IVD: 36995b08-c34c-4627-9225-d2236769d6df // IVD: f84f6c6f-dd59-4766-8a02-e4662084d191

PATCH

title:

Mitsubishi Electric PLC host computer software GX Works2 has a denial of service vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/216433

Trust: 0.6

sources: CNVD: CNVD-2020-32342

EXTERNAL IDS

db:	CNVD	id:	CNVD-2020-32342	Trust: 1.0
db:	IVD	id:	36995B08-C34C-4627-9225-D2236769D6DF	Trust: 0.2
db:	IVD	id:	F84F6C6F-DD59-4766-8A02-E4662084D191	Trust: 0.2

sources: IVD: 36995b08-c34c-4627-9225-d2236769d6df // IVD: f84f6c6f-dd59-4766-8a02-e4662084d191 // CNVD: CNVD-2020-32342

SOURCES

db:	IVD	id:	36995b08-c34c-4627-9225-d2236769d6df
db:	IVD	id:	f84f6c6f-dd59-4766-8a02-e4662084d191
db:	CNVD	id:	CNVD-2020-32342

LAST UPDATE DATE

2022-05-17T02:04:27.444000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2020-32342

date:

2021-03-09T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	36995b08-c34c-4627-9225-d2236769d6df	date:	2020-06-21T00:00:00
db:	IVD	id:	f84f6c6f-dd59-4766-8a02-e4662084d191	date:	2020-06-21T00:00:00
db:	CNVD	id:	CNVD-2020-32342	date:	2020-06-21T00:00:00