CVE-2020-5597
Description
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A null pointer dereference in the TCP/IP stack of Mitsubishi Electric GOT2000 series (CoreOS -Y and earlier) allows remote denial of service or arbitrary code execution.
Vulnerability
The TCP/IP function in CoreOS version -Y and earlier installed on Mitsubishi Electric GOT2000 series GT27, GT25, and GT23 models contains a null pointer dereference vulnerability (CWE-476) [1]. By processing a specially crafted network packet, the firmware dereferences a null pointer, causing undefined behavior. Affected models include GT27, GT25, and GT23 with CoreOS -Y and prior [1].
Exploitation
An unauthenticated remote attacker on the same network can send a crafted TCP/IP packet to the affected device [1]. No user interaction or prior authentication is required. The packet triggers the null pointer dereference in the stack’s parsing code, halting the network service or enabling memory corruption.
Impact
Successful exploitation can stop the network functions of the device, leading to a denial of service. Under certain conditions, an attacker may leverage the null pointer dereference to execute a malicious program on the device, potentially achieving full compromise of the HMI [1].
Mitigation
Mitsubishi Electric released CoreOS version Z via MELSOFT GT Designer3 (2000) version 1.240A and later to address CVE-2020-5597 and other vulnerabilities [1]. Users should update CoreOS on affected GOT2000 models to version Z or later. As a workaround, restrict network access from untrusted hosts or networks [1]. No KEV listing is available at this time.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: <=Y
- (no CPE) range: CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model
Patches
No patches discovered yet.
References
- jvn.jp/en/vu/JVNVU95413676/index.html (mitre, x_refsource_MISC)
- www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf (mitre, x_refsource_MISC)
News mentions
No linked articles in our index yet.