CVE-2020-5595
Description
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer overflow in the TCP/IP stack of Mitsubishi Electric GOT2000 series lets a remote attacker halt network functions or execute arbitrary code via a crafted packet.
Vulnerability
The TCP/IP function in CoreOS versions -Y and earlier on Mitsubishi Electric GOT2000 series (GT27, GT25, and GT23 models) contains a buffer overflow vulnerability (CWE-119). An attacker can trigger it by sending a specially crafted network packet, causing out-of-bounds memory operations.
Exploitation
An attacker needs only network reachability to the affected device — no authentication or user interaction is required. The attacker crafts a malicious TCP/IP packet and transmits it to the GOT2000’s network interface, which the vulnerable stack processes, leading to a buffer overflow.
Impact
Successful exploitation can stop the device’s network functions (denial of service) or allow the attacker to execute a malicious program on the device. The compromise scope is the device itself, potentially enabling further network attacks.
Mitigation
Mitigation requires updating CoreOS to version Z or later. Users must obtain MELSOFT GT Designer3(2000) 1.240A or later, create a CoreOS image with version Z on an SD card, and update the device. If an update is not immediately possible, restrict access from untrusted networks or hosts as a workaround. [1]
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <= CoreOS version -Y
- Range: CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- jvn.jp/en/vu/JVNVU95413676/index.htmlmitrex_refsource_MISC
- www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdfmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.