CVE-2020-5675

7.5 HIGH

📋 TL;DR

An out-of-bounds read vulnerability in Mitsubishi Electric GOT2000/GS21 series GT21/GS21 models and Tension Controller LE7-40GU-L series allows remote attackers to cause denial-of-service conditions. By sending specially crafted packets, attackers can degrade communication performance or completely disrupt TCP communication functions. This affects industrial control systems using these specific human-machine interface (HMI) and controller products.

💻 Affected Systems

Products:
  • GT2107-WTBD
  • GT2107-WTSD
  • GT2104-RTBD
  • GT2104-PMBD
  • GT2103-PMBD
  • GS2110-WTBD
  • GS2107-WTBD
  • GS2110-WTBD-N
  • GS2107-WTBD-N
  • LE7-40GU-L with specific screen packages
Versions: V01.39.000 and earlier for GT21/GS21 models; specific screen package versions for LE7-40GU-L
Operating Systems: Embedded/proprietary OS on industrial devices
Default Config Vulnerable: ⚠️ Yes
Notes: Affects specific firmware versions of industrial HMIs and controllers; requires network access to vulnerable TCP services.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete disruption of TCP communication functions leading to operational downtime in industrial environments, potentially affecting production lines or critical processes.

🟠 Likely Case

Degraded communication performance causing intermittent connectivity issues and reduced system responsiveness in industrial control networks.

🟢 If Mitigated

Minimal impact if systems are isolated from untrusted networks and proper network segmentation is implemented.

🌐 Internet-Facing: HIGH - If exposed to the internet, attackers can remotely trigger DoS conditions without authentication.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this, but exploitation requires network access to vulnerable devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW - Remote exploitation via crafted packets without authentication.

Exploitation requires sending specially crafted packets to vulnerable TCP services; no authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions newer than V01.39.000 for GT21/GS21 models; updated screen packages for LE7-40GU-L

Vendor Advisory: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-017_en.pdf

Restart Required: Yes

Instructions:

1. Download updated firmware/screen packages from Mitsubishi Electric support.
2. Backup current configuration.
3. Apply firmware update following vendor instructions.
4. Restart device.
5. Verify new version is running.

🔧 Temporary Workarounds

Network Segmentation

Isolate vulnerable devices in separate network segments with strict firewall rules.

Access Control Lists

Implement ACLs to restrict network access to vulnerable devices from trusted sources only.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable devices from untrusted networks
  • Deploy intrusion detection/prevention systems to monitor for crafted packet patterns

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via device configuration interface or web interface; compare against affected versions list.

Check Version:

Device-specific; typically through device configuration menus or vendor software tools.

Verify Fix Applied:

Verify firmware version is newer than V01.39.000 for GT21/GS21 models; confirm updated screen packages for LE7-40GU-L.
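
The version comparison described above can be run across an asset inventory. The following is an added example, not vendor or page-supplied code; it assumes firmware versions are recorded as three dot-separated numeric fields like V01.39.000, and the inventory rows are constructed sample data.

```python
import re

# Threshold and model list are taken from this page. LE7-40GU-L is judged by
# screen package version, which the page does not list, so it is never auto-cleared.
LAST_AFFECTED = (1, 39, 0)  # V01.39.000
GT21_GS21_MODELS = {
    "GT2107-WTBD", "GT2107-WTSD", "GT2104-RTBD", "GT2104-PMBD", "GT2103-PMBD",
    "GS2110-WTBD", "GS2107-WTBD", "GS2110-WTBD-N", "GS2107-WTBD-N",
}
# Assumed version format: optional 'V', then three numeric fields.
VERSION_RE = re.compile(r"^V?(\d{1,2})\.(\d{1,2})\.(\d{1,3})$", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, patch) for strings like 'V01.39.000', else None."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def classify(model, version):
    """Classify one inventory row as VULNERABLE, PATCHED, MANUAL or NOT_LISTED."""
    model = model.strip().upper()
    if model.startswith("LE7-40GU-L"):
        return "MANUAL"  # check the screen package against the vendor advisory
    if model not in GT21_GS21_MODELS:
        return "NOT_LISTED"
    parsed = parse_version(version)
    if parsed is None:
        return "MANUAL"  # unreadable version: do not assume patched
    return "VULNERABLE" if parsed <= LAST_AFFECTED else "PATCHED"


def triage(rows):
    """Map hostname -> status for (hostname, model, version) tuples."""
    return {host: classify(model, version) for host, model, version in rows}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("hmi-line1", "GT2107-WTBD", "V01.39.000"),
    ("hmi-line2", "GS2110-WTBD-N", "V01.40.000"),
    ("hmi-line3", "gt2104-rtbd", "01.38.005"),
    ("tension-1", "LE7-40GU-L", "unknown"),
    ("hmi-line4", "GT2103-PMBD", ""),
    ("other-1", "OTHER-PLC", "V1.2.0"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:10} {status}")
```

Rows marked MANUAL need a person to read the version from the device or compare the screen package against the vendor advisory.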

📡 Detection & Monitoring

Log Indicators:

  • Unexpected TCP connection resets
  • Communication performance degradation logs
  • Device restart events

Network Indicators:

  • Unusual TCP packet patterns to industrial device ports
  • Increased TCP retransmissions to affected devices

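SIEM Query (generic template; industrial_ports and unusual are placeholders to replace with the site's own port list and packet-size threshold):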

source_ip=* AND dest_port IN (industrial_ports) AND packet_size=unusual AND protocol=TCP
