CVE-2023-3373

CRITICAL Year: 2023
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-342
View all →

Vulnerability Description

Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000 and prior allows a remote unauthenticated attacker to hijack data connections (session hijacking) or prevent legitimate users from establishing data connections (to cause DoS condition) by guessing the listening port of the data connection on FTP server and connecting to it.

Related Vulnerabilities

CVE-2022-27577

CRITICAL
CVSS:9.1(Critical)

The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that a...

CWE-3422022

CVE-2020-16226

CRITICAL
CVSS:9.8(Critical)

Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands.

CWE-3422020

CVE-2020-16226

CRITICAL
CVSS:9.8(Critical)

Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands.

CWE-3422020

CVE-2022-27577

CRITICAL
CVSS:9.1(Critical)

The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that a...

CWE-3422022

CVE-2020-28388

MEDIUM
CVSS:5.3(Medium)

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5....

CWE-3422020

CVE-2022-29930

MEDIUM
CVSS:4.9(Medium)

SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1.

CWE-3422022