OpenCVE

Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000 and prior allows a remote unauthenticated attacker to hijack data connections (session hijacking) or prevent legitimate users from establishing data connections (to cause DoS condition) by guessing the listening port of the data connection on FTP server and connecting to it.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mitsubishielectric	Gs21 Gs21 Firmware Gt21 Gt21 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:mitsubishielectric:gt21_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:gt21:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:mitsubishielectric:gs21_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:gs21:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://jvn.jp/vu/JVNVU92167394/index.html
https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-01
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-006_en.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: Mitsubishi

Published: 2023-08-03T23:44:40.341Z

Updated: 2024-08-02T06:55:03.371Z

Reserved: 2023-06-23T01:32:29.994Z

Link: CVE-2023-3373

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-08-04T00:15:14.130

Modified: 2023-08-10T14:59:52.507

Link: CVE-2023-3373

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3373", "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "state": "PUBLISHED", "assignerShortName": "Mitsubishi", "dateReserved": "2023-06-23T01:32:29.994Z", "datePublished": "2023-08-03T23:44:40.341Z", "dateUpdated": "2024-08-02T06:55:03.371Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "GOT2000 Series GT21 model", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "01.49.000 and prior"}]}, {"defaultStatus": "unaffected", "product": "GOT SIMPLE Series GS21 model", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "01.49.000 and prior"}]}], "datePublic": "2023-08-03T03:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000 and prior allows a remote unauthenticated attacker to hijack data connections (session hijacking) or prevent legitimate users from establishing data connections (to cause DoS condition) by guessing the listening port of the data connection on FTP server and connecting to it."}], "value": "Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000 and prior allows a remote unauthenticated attacker to hijack data connections (session hijacking) or prevent legitimate users from establishing data connections (to cause DoS condition) by guessing the listening port of the data connection on FTP server and connecting to it."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-342", "description": "CWE-342 Predictable Exact Value from Previous Values", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "shortName": "Mitsubishi", "dateUpdated": "2023-08-03T23:44:40.341Z"}, "references": [{"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-006_en.pdf"}, {"url": "https://jvn.jp/vu/JVNVU92167394/index.html"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-01"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:55:03.371Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-006_en.pdf", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/vu/JVNVU92167394/index.html", "tags": ["x_transferred"]}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-01", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:gt21_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "270CC331-0EBF-4A70-B2EA-6E5B53DC3BD4", "versionEndExcluding": "01.50.000", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:gt21:-:*:*:*:*:*:*:*", "matchCriteriaId": "7D5729FA-349F-4253-AFF1-B48C7AC40593", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:gs21_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "03AF79C6-7D14-47DD-AB3C-964ADAD86358", "versionEndExcluding": "01.50.000", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:gs21:-:*:*:*:*:*:*:*", "matchCriteriaId": "E238EA96-8125-4DE2-8E1C-8552C4860113", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000 and prior allows a remote unauthenticated attacker to hijack data connections (session hijacking) or prevent legitimate users from establishing data connections (to cause DoS condition) by guessing the listening port of the data connection on FTP server and connecting to it."}], "id": "CVE-2023-3373", "lastModified": "2023-08-10T14:59:52.507", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 4.2, "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "type": "Secondary"}]}, "published": "2023-08-04T00:15:14.130", "references": [{"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/vu/JVNVU92167394/index.html"}, {"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-01"}, {"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "tags": ["Vendor Advisory"], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-006_en.pdf"}], "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-330"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-342"}], "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "type": "Secondary"}]}