CVE-2020-5595

9.8 CRITICAL

📋 TL;DR

A buffer overflow vulnerability in the TCP/IP function of Mitsubishi Electric GOT2000 series firmware allows remote attackers to crash network functions or execute arbitrary code via specially crafted packets. This affects GT27, GT25, and GT23 models running CoreOS version -Y and earlier. Industrial control systems using these HMIs are at risk.

💻 Affected Systems

Products:
  • Mitsubishi Electric GOT2000 series GT27 Model
  • Mitsubishi Electric GOT2000 series GT25 Model
  • Mitsubishi Electric GOT2000 series GT23 Model
Versions: CoreOS version -Y and earlier
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All affected devices with network connectivity are vulnerable by default; no special configuration required.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete device compromise, disruption of industrial processes, and potential physical damage or safety incidents.

🟠 Likely Case

Denial of service causing network function failure and HMI unavailability, disrupting monitoring/control of industrial equipment.

🟢 If Mitigated

Limited impact if devices are air-gapped or behind strict network segmentation with packet filtering.

🌐 Internet-Facing: HIGH - CVSS 9.8 indicates critical risk for internet-exposed devices; exploitation requires only network access.
🏢 Internal Only: HIGH - Even internally, attackers with network access can exploit this unauthenticated vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires crafting malicious TCP/IP packets but no authentication; technical details are public in advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to CoreOS version later than -Y (consult vendor for specific version)

Vendor Advisory: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf

Restart Required: Yes

Instructions:

1. Download firmware update from Mitsubishi Electric support portal.
2. Follow vendor's firmware update procedure for GOT2000 series.
3. Verify successful update and restart device.

🔧 Temporary Workarounds

Network segmentation and firewall rules

all

Isolate GOT2000 devices in separate network segments and restrict TCP/IP traffic to only trusted sources.

Disable unnecessary network services

all

If possible, disable TCP/IP functions not required for operation to reduce attack surface.

🧯 If You Can't Patch

  • Implement strict network access controls allowing only necessary communication from trusted IPs
  • Monitor network traffic for anomalous packets targeting GOT2000 devices

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via GOT2000 system settings; if CoreOS version is -Y or earlier, device is vulnerable.

Check Version:

Check via GOT2000 HMI: System Settings > Version Information

Verify Fix Applied:

Confirm firmware version is updated beyond -Y version in system settings after patch application.

📡 Detection & Monitoring

Log Indicators:

  • Network function crashes
  • Unexpected device reboots
  • Abnormal TCP/IP packet logs

Network Indicators:

  • Malformed TCP/IP packets targeting GOT2000 devices
  • Unusual traffic patterns to industrial control network

SIEM Query:

source_ip:external AND dest_ip:GOT2000_IP AND (protocol:TCP OR protocol:IP) AND packet_size:anomalous
