CVE-2020-5598
Description
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may which may allow a remote attacker tobypass access restriction and stop the network functions of the products or execute a malicious program via a specially crafted packet.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An improper access control flaw in the TCP/IP stack of Mitsubishi Electric GOT2000 series CoreOS lets remote attackers bypass restrictions and halt network functions or execute arbitrary code.
Vulnerability
The TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability (CWE-284). This flaw allows a remote attacker to bypass access restrictions and stop network functions or execute a malicious program via a specially crafted packet [1].
Exploitation
An attacker needs network access to send a specially crafted packet to the affected device. No authentication is required. The exact sequence of steps is not publicly disclosed, but sending a malicious TCP/IP packet triggers the improper access control condition [1].
Impact
Successful exploitation can halt the network functions of the GOT2000 series or execute a malicious program on the device, potentially leading to denial of service or arbitrary code execution at the device's privilege level [1].
Mitigation
Mitsubishi Electric recommends updating CoreOS to version Z or later. Users should obtain MELSOFT GT Designer3(2000) version 1.240A or later, create an SD card with the updated CoreOS, and insert it into the affected product. Until the update is applied, restricting access from untrusted networks or hosts may reduce risk [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2CoreOS version -Y and earlier+ 1 more
- (no CPE)range: CoreOS version -Y and earlier
- (no CPE)range: CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- jvn.jp/en/vu/JVNVU95413676/index.htmlmitrex_refsource_MISC
- www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdfmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.