Cyber Resilience

CVE-2021-20606

Medium

Published: 17 December 2021

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
EPSS Score: 0.0015 (35.6th percentile)
Risk Priority: 11 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-20606 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in Mitsubishi Electric EZSocket. Its CVSS base score is 5.5 (Medium).

Operationally, it is ranked at the 35.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Vulnerability details

Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions 5.4 and prior allows an attacker to cause a DoS condition in the software by getting a user to open a malicious project file specially crafted by an attacker.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor              Product            Affected versions
mitsubishielectric  ezsocket           ≤ 5.4
mitsubishielectric  gx works2          ≤ 1.606g
mitsubishielectric  melsoft navigator  all versions

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References