Cyber Resilience

CVE-2021-20592

High

Published: 05 August 2021
Modified: 21 November 2024
KEV Added:
Patch:
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0039 (60.3rd percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-20592 is a high-severity Improper Synchronization (CWE-662) vulnerability in Mitsubishi Electric GT SoftGOT2000. Its CVSS base score is 7.5 (High).

Operationally, it ranks in the top 39.7% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

Vulnerability details

Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions 1.170C through 1.256S allows a remote unauthenticated attacker to cause DoS condition on the MODBUS/TCP slave communication function of the products by rapidly and repeatedly connecting and disconnecting to and from the MODBUS/TCP communication port on a target. Restart or reset is required to recover.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Affected versions
mitsubishielectric | gt softgot2000 | 1.170c through 1.256s
mitsubishielectric | got2000 gt27 firmware | 01.19.000 through 01.39.010
mitsubishielectric | got2000 gt25 firmware | 01.19.000 through 01.39.010
mitsubishielectric | got2000 gt23 firmware | 01.19.000 through 01.39.010

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.