CVE-2021-20589
Description
Buffer access with incorrect length value vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.38.000, GT25 model communication driver versions 01.19.000 through 01.38.000, GT23 model communication driver versions 01.19.000 through 01.38.000 and GT21 model communication driver versions 01.21.000 through 01.39.000, GOT SIMPLE series GS21 model communication driver versions 01.21.000 through 01.39.000, GT SoftGOT2000 versions 1.170C through 1.250L and Tension Controller LE7-40GU-L Screen package data for MODBUS/TCP V1.00 allows a remote unauthenticated attacker to stop the communication function of the products via specially crafted packets.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A remote attacker can stop communication on Mitsubishi GOT and Tension Controller devices by sending crafted packets via MODBUS/TCP due to a buffer access length vulnerability.
Vulnerability
A buffer access with incorrect length value vulnerability (CWE-805) exists in the MODBUS/TCP slave communication function of Mitsubishi Electric GOT2000 series (GT27, GT25, GT23, GT21 models, communication driver versions 01.19.000 through 01.38.000 for GT27/GT25/GT23, and 01.21.000 through 01.39.000 for GT21), GOT SIMPLE series GS21 model (communication driver versions 01.21.000 through 01.39.000), GT SoftGOT2000 (versions 1.170C through 1.250L), and Tension Controller LE7-40GU-L (screen package data for MODBUS/TCP V1.00) [1].
Exploitation
An unauthenticated remote attacker can send specially crafted packets to the MODBUS/TCP slave interface of an affected device [1]. No authentication or prior access is required. The attacker simply needs network connectivity to the device's MODBUS/TCP port [1].
Impact
Successful exploitation causes the communication function of the target device to stop, resulting in a denial of service (DoS) [1]. The device becomes unable to properly handle MODBUS/TCP communications until the service is restored, potentially disrupting industrial control operations [1].
Mitigation
Update the affected products to fixed versions as provided by Mitsubishi Electric [1]. For specific version information and availability, refer to the vendor's advisory [1]. No workaround is mentioned in the available reference.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- GOT2000 series / GOT2000 series GT27 model communication driver
- Range: 01.19.000 through 01.38.000
- Range: 01.21.000 through 01.39.000
Patches
No patches discovered yet.
References
- jvn.jp/vu/JVNVU99895108/index.html (mitre, x_refsource_MISC)
- www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-002_en.pdf (mitre, x_refsource_MISC)