CVE-2020-5600
Description
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A resource management error in Mitsubishi Electric GOT2000 series TCP/IP stack allows remote attackers to stop network functions or execute arbitrary code via a crafted packet.
Vulnerability
The TCP/IP function in CoreOS (version -Y and earlier) on Mitsubishi Electric GOT2000 series (GT27, GT25, GT23 models) contains a resource management error vulnerability (CWE-399). This flaw allows a remote attacker to send a specially crafted packet that triggers improper resource handling, potentially leading to denial of service or arbitrary code execution. [1]
Exploitation
An attacker needs network access to the affected device. No authentication is required. The attacker sends a specially crafted packet to the TCP/IP stack. The exact sequence is not detailed, but the packet triggers a resource management error, causing the network functions to stop or enabling code execution. [1]
Impact
Successful exploitation can stop the network functions of the product, resulting in denial of service, or allow the attacker to execute a malicious program on the device. The attacker gains the ability to disrupt operations or potentially compromise the GOT2000 unit. [1]
Mitigation
Mitsubishi Electric has released CoreOS version Z and later to fix this vulnerability. Users should update CoreOS via SD card using MELSOFT GT Designer3(2000) 1.240A or later. As a workaround, restrict access from untrusted networks or hosts. [1]
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2<= -Y+ 1 more
- (no CPE)range: <= -Y
- (no CPE)range: CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- jvn.jp/en/vu/JVNVU95413676/index.htmlmitrex_refsource_MISC
- www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdfmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.