CVE-2020-5644 – A buffer overflow vulnerability in the TCP/IP f... (How to Fix)

Q: What is the severity of CVE-2020-5644?

CVE-2020-5644 has a CVSS score of 9.8 (CRITICAL). A buffer overflow vulnerability in the TCP/IP function of Mitsubishi Electric GOT 1000 series GT14 model firmware allows remote unauthenticated attackers to crash network functions or execute arbitrary code via specially crafted packets. This affects industrial control system operators using vulnerable versions of these human-machine interface (HMI) devices.

📋 TL;DR

A buffer overflow vulnerability in the TCP/IP function of Mitsubishi Electric GOT 1000 series GT14 model firmware allows remote unauthenticated attackers to crash network functions or execute arbitrary code via specially crafted packets. This affects industrial control system operators using vulnerable versions of these human-machine interface (HMI) devices.

💻 Affected Systems

Products:

GT1455-QTBDE
GT1450-QMBDE
GT1450-QLBDE
GT1455HS-QTBDE
GT1450HS-QMBDE

Versions: CoreOS version 05.65.00.BD and earlier

Operating Systems: Mitsubishi Electric proprietary firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All affected models with default TCP/IP configuration are vulnerable when network accessible.

📦 What is this software?

Coreos by Mitsubishielectric

View all CVEs affecting Coreos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, potential lateral movement within industrial networks, and disruption of industrial processes.

🟠

Likely Case

Denial of service causing network function disruption, potentially halting HMI operations and affecting connected industrial processes.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict network segmentation and packet filtering.

🌐 Internet-Facing: HIGH - Directly exposed devices can be exploited by any internet-connected attacker without authentication.

🏢 Internal Only: HIGH - Internal attackers or malware can exploit this without authentication once inside the network.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires sending specially crafted TCP/IP packets to vulnerable devices.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: CoreOS version 05.66.00.BD and later

Vendor Advisory: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf

Restart Required: Yes

Instructions:

1. Download updated firmware from Mitsubishi Electric support portal. 2. Backup current configuration. 3. Apply firmware update following vendor instructions. 4. Restart device. 5. Verify updated version.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate GOT devices in separate network segments with strict firewall rules.

Access Control Lists

all

Implement ACLs to restrict TCP/IP access to trusted IP addresses only.

🧯 If You Can't Patch

Implement strict network segmentation with industrial firewalls
Deploy intrusion detection systems to monitor for exploit attempts

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via GOT maintenance utility or device settings menu.

Check Version:

Use GOT maintenance utility or check device settings for CoreOS version.

Verify Fix Applied:

Confirm firmware version is 05.66.00.BD or later using GOT maintenance utility.

📡 Detection & Monitoring

Log Indicators:

Unexpected device restarts
Network function failures
Abnormal TCP/IP traffic patterns

Network Indicators:

Malformed TCP/IP packets to GOT devices
Unusual traffic to industrial control ports

SIEM Query:

source_ip=* AND dest_ip=[GOT_IP] AND (tcp_flags=malformed OR packet_size>normal)

📊 Metadata

CVE ID: CVE-2020-5644

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-120

Published: November 6, 2020

Last Updated: November 21, 2024

🔗 References

https://jvn.jp/vu/JVNVU99562395/index.html Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02 Third Party Advisory,US Government Resource
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf Vendor Advisory
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf Vendor Advisory
https://jvn.jp/vu/JVNVU99562395/index.html Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-310-02 Third Party Advisory,US Government Resource
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-014.pdf Vendor Advisory
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-014_en.pdf Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-5644, you might also want to check these: