CVE-2021-20592
Description
Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions 1.170C through 1.256S allows a remote unauthenticated attacker to cause DoS condition on the MODBUS/TCP slave communication function of the products by rapidly and repeatedly connecting and disconnecting to and from the MODBUS/TCP communication port on a target. Restart or reset is required to recover.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Mitsubishi GOT2000 series and GT SoftGOT2000 have a missing synchronization vulnerability in their MODBUS/TCP slave function that allows a remote attacker to cause a denial of service.
Vulnerability
A missing synchronization vulnerability (CWE-820) exists in the MODBUS/TCP slave communication driver of Mitsubishi GOT2000 series GT27, GT25, and GT23 models with communication driver versions 01.19.000 through 01.39.010, and in GT SoftGOT2000 versions 1.170C through 1.256S when configured with "MODBUS/TCP Slave" as the connection target [1]. The issue occurs in the shared resource access synchronization within the communication driver, affecting the MODBUS/TCP slave function [1].
Exploitation
A remote unauthenticated attacker can trigger the vulnerability by rapidly and repeatedly connecting to and disconnecting from the MODBUS/TCP communication port on the target device [1]. No authentication or prior access is required; the attacker only needs network connectivity to the affected product's MODBUS/TCP port [1].
Impact
Successfully exploiting this vulnerability causes a denial of service (DoS) condition on the MODBUS/TCP slave communication function of the affected GOT2000 series or GT SoftGOT2000 [1]. The communication function stops, and the device requires a restart or reset to recover normal operation [1].
Mitigation
Mitsubishi Electric recommends updating the communication driver for GOT2000 series to version 01.39.020 or later and GT SoftGOT2000 to version 1.257S or later to address the vulnerability [1]. No workaround is disclosed in the available references [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- GOT2000/GOT2000 series GT27 model communication driverdescription
- Range: 01.19.000 through 01.39.010
- Range: 1.170C through 1.256S
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- jvn.jp/vu/JVNVU92414172/index.htmlmitrex_refsource_MISC
- www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-007_en.pdfmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.