ID

VAR-202006-1953


TITLE

GX Works2 has a denial of service vulnerability

Trust: 0.6

sources: CNVD: CNVD-2020-30220

DESCRIPTION

GX Works2 is PLC programming software developed by Mitsubishi Electric Automation Co., Ltd. It is a programming tool dedicated to PLC design, debugging, and maintenance. Compared with the traditional GX Developer software, it has improved functions and operating performance and has become easier to use. GX Works2 has a denial of service vulnerability. When an attacker clicks on the PLC online read function, the malformed data sent by the PLC to GX Works2 through a private protocol triggers a heap overflow, which leads to a denial of service and may cause remote code execution.

Trust: 0.6

sources: CNVD: CNVD-2020-30220

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-30220

AFFECTED PRODUCTS

vendor: mitsubishi electric automation
model: gx work2 1.591r
scope: -
version: -

Trust: 0.6

sources: CNVD: CNVD-2020-30220

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2020-30220
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2020-30220
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2020-30220

PATCH

title: GX Works2 has a denial of service vulnerability
url: https://www.cnvd.org.cn/patchinfo/show/215695

Trust: 0.6

sources: CNVD: CNVD-2020-30220

EXTERNAL IDS

db: CNVD
id: CNVD-2020-30220

Trust: 0.6

sources: CNVD: CNVD-2020-30220

SOURCES

db: CNVD
id: CNVD-2020-30220

LAST UPDATE DATE

2022-05-04T09:21:49.521000+00:00


SOURCES UPDATE DATE

db: CNVD
id: CNVD-2020-30220
date: 2021-03-09T00:00:00

SOURCES RELEASE DATE

db: CNVD
id: CNVD-2020-30220
date: 2020-06-09T00:00:00