First published: Thu Nov 24 2022
Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior, and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending a specially crafted command.
Credit: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Affected Software | Affected Version | How to fix |
---|---|---|
Mitsubishielectric Got2000 Gt27 Firmware | <=01.39.000 | |
Mitsubishielectric Got2000 Gt27 | | |
Mitsubishielectric Got2000 Gt25 Firmware | <=01.39.000 | |
Mitsubishielectric Got2000 Gt25 | | |
Mitsubishielectric Got2000 Gt23 Firmware | <=01.39.000 | |
Mitsubishielectric Got2000 Gt23 | | |
CVE-2022-40266 is an Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27, GT25, and GT23 model FTP servers.
CVE-2022-40266 affects Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, GT25 model FTP server versions 01.39.000 and prior, and GT23 model FTP server versions 01.39.000 and prior.
CVE-2022-40266 has a severity rating of 6.5 (medium).
To fix CVE-2022-40266, update the Mitsubishi Electric GOT2000 Series GT27, GT25, and GT23 model FTP server firmware to version 01.40.001 or later, as provided by Mitsubishi Electric.
More information about CVE-2022-40266 can be found at the following references: [JVN](https://jvn.jp/vu/JVNVU95633416) and [Mitsubishi Electric PSIRT](https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf).