CVE-2021-20606
First published: Fri Dec 17 2021(Updated: )
Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions 5.4 and prior allows an attacker to cause a DoS condition in the software by getting a user to open malicious project file specially crafted by an attacker.
Credit: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitsubishielectric Ezsocket | <=5.4 | |
| Mitsubishielectric Gx Works2 | <=1.606g | |
| Mitsubishielectric Melsoft Navigator | ||
| Mitsubishi Electric GX Works2: Versions 1.606G and prior | ||
| Mitsubishi Electric MELSOFT Navigator: Versions 2.84N and prior |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-20606?
CVE-2021-20606 is an out-of-bounds read vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior, and Mitsubishi Electric EZSocket versions 5.4 and prior.
What is the severity of CVE-2021-20606?
CVE-2021-20606 has a severity level of 5.5 (medium).
How does CVE-2021-20606 affect Mitsubishi Electric GX Works2?
CVE-2021-20606 affects Mitsubishi Electric GX Works2 versions 1.606G and prior.
How does CVE-2021-20606 affect Mitsubishi Electric MELSOFT Navigator?
CVE-2021-20606 affects Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior.
How does CVE-2021-20606 affect Mitsubishi Electric EZSocket?
CVE-2021-20606 affects Mitsubishi Electric EZSocket versions 5.4 and prior.
How can CVE-2021-20606 be exploited?
CVE-2021-20606 can be exploited by getting a user to open manipulated project files or configuration files, leading to a denial-of-service (DoS) condition in the affected software.
Are there any fixes available for CVE-2021-20606?
Yes, Mitsubishi Electric has provided a security advisory with mitigation details and recommended software updates to address CVE-2021-20606.
- collector/nvd-index
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/softwarecombine
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/mitsubishielectric
- canonical/mitsubishielectric ezsocket
- version/mitsubishielectric ezsocket/5.4
- canonical/mitsubishielectric gx works2
- version/mitsubishielectric gx works2/1.606g
- canonical/mitsubishielectric melsoft navigator
- vendor/mitsubishi electric
- canonical/mitsubishi electric gx works2: versions 1.606g and prior
- canonical/mitsubishi electric melsoft navigator: versions 2.84n and prior