Denial-of-Service (DoS) Vulnerability in FTP Server Function on GOT2000 Series
Description
An Improper Input Validation vulnerability in the FTP server of Mitsubishi Electric GOT2000 Series GT27 model versions 01.39.000 and prior, GT25 model versions 01.39.000 and prior, and GT23 model versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending a specially crafted command.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Improper input validation in the Mitsubishi Electric GOT2000 Series FTP server allows remote authenticated attackers to cause a denial of service via a specially crafted command.
Vulnerability
An improper input validation vulnerability (CWE-20) exists in the FTP server component of Mitsubishi Electric GOT2000 Series GT27, GT25, and GT23 models. Affected versions are 01.39.000 and prior. The vulnerability allows a remote attacker with FTP access to send a specially crafted command, leading to a denial of service condition [1].
Exploitation
An attacker must have network access to the target GOT device's FTP server and authenticate successfully. No additional user interaction is required. By sending a specially crafted FTP command, the attacker triggers the input validation flaw, causing the FTP service to become unresponsive [1].
Impact
Successful exploitation results in a denial of service (DoS) condition, rendering the FTP server and potentially the entire GOT device unavailable until a restart [1].
Mitigation
Mitsubishi Electric has released fixed firmware version 01.47.000 for all affected models, which is bundled with GT Designer3 Version1 (GOT2000) Ver.1.285X and later. Users should update to the fixed version. As a workaround, when connecting the device to the internet, deploy a firewall to restrict access [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=01.39.000
- Mitsubishi Electric/GOT2000 Series GT23 model (v5). Range: FTP server versions 01.39.000 and prior
- Mitsubishi Electric/GOT2000 Series GT25 model (v5). Range: FTP server versions 01.39.000 and prior
- Mitsubishi Electric/GOT2000 Series GT27 model (v5). Range: FTP server versions 01.39.000 and prior
Patches
No patches discovered yet.
References