Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-40266

Summary
Assigner-Mitsubishi
Assigner Org ID-e0f77b61-78fd-4786-b3fb-1ee347a748ad
Published At-24 Nov, 2022 | 08:20
Updated At-25 Apr, 2025 | 17:56
Rejected At-
Credits

Denial-of-Service (DoS) Vulnerability in FTP Server Function on GOT2000 Series

Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Mitsubishi
Assigner Org ID:e0f77b61-78fd-4786-b3fb-1ee347a748ad
Published At:24 Nov, 2022 | 08:20
Updated At:25 Apr, 2025 | 17:56
Rejected At:
▼CVE Numbering Authority (CNA)
Denial-of-Service (DoS) Vulnerability in FTP Server Function on GOT2000 Series

Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command.

Affected Products
Vendor
Mitsubishi Electric CorporationMitsubishi Electric
Product
GOT2000 Series GT27 model
Versions
Affected
  • FTP server versions 01.39.000 and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric
Product
GOT2000 Series GT25 model
Versions
Affected
  • FTP server versions 01.39.000 and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric
Product
GOT2000 Series GT23 model
Versions
Affected
  • FTP server versions 01.39.000 and prior
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20 Improper Input Validation
Type: CWE
CWE ID: CWE-20
Description: CWE-20 Improper Input Validation
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
N/ADenial of Service
CAPEC ID: N/A
Description: Denial of Service
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf
N/A
https://jvn.jp/vu/JVNVU95633416
N/A
Hyperlink: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf
Resource: N/A
Hyperlink: https://jvn.jp/vu/JVNVU95633416
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf
x_transferred
https://jvn.jp/vu/JVNVU95633416
x_transferred
Hyperlink: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf
Resource:
x_transferred
Hyperlink: https://jvn.jp/vu/JVNVU95633416
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Published At:24 Nov, 2022 | 09:15
Updated At:30 Nov, 2022 | 20:02

Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Secondary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Mitsubishi Electric Corporation
mitsubishielectric
>>got2000_gt27_firmware>>Versions up to 01.39.000(inclusive)
cpe:2.3:o:mitsubishielectric:got2000_gt27_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>got2000_gt27>>-
cpe:2.3:h:mitsubishielectric:got2000_gt27:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>got2000_gt25_firmware>>Versions up to 01.39.000(inclusive)
cpe:2.3:o:mitsubishielectric:got2000_gt25_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>got2000_gt25>>-
cpe:2.3:h:mitsubishielectric:got2000_gt25:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>got2000_gt23_firmware>>Versions up to 01.39.000(inclusive)
cpe:2.3:o:mitsubishielectric:got2000_gt23_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>got2000_gt23>>-
cpe:2.3:h:mitsubishielectric:got2000_gt23:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE-20SecondaryMitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-20
Type: Secondary
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://jvn.jp/vu/JVNVU95633416Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Third Party Advisory
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdfMitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Mitigation
Vendor Advisory
Hyperlink: https://jvn.jp/vu/JVNVU95633416
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Resource:
Third Party Advisory
Hyperlink: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Resource:
Mitigation
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

157Records found
CVE-2024-22027
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-0.51% / 65.39%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 06:41
Updated-05 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a remote authenticated attacker to perform a Denial of Service (DoS) attack against external services.

Action-Not Available
Vendor-AYS Pro Extensions
Product-quiz_makerWordPress Quiz Maker Plugin
CWE ID-CWE-20
Improper Input Validation
CVE-2022-38778
Matching Score-4
Assigner-Elastic
ShareView Details
Matching Score-4
Assigner-Elastic
CVSS Score-6.5||MEDIUM
EPSS-0.82% / 73.49%
||
7 Day CHG~0.00%
Published-08 Feb, 2023 | 00:00
Updated-25 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw (CVE-2022-38900) was discovered in one of Kibana’s third party dependencies, that could allow an authenticated user to perform a request that crashes the Kibana server process.

Action-Not Available
Vendor-decode-uri-component_projectElasticsearch BV
Product-decode-uri-componentkibanakibana
CWE ID-CWE-20
Improper Input Validation
CVE-2024-34473
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 21.49%
||
7 Day CHG~0.00%
Published-04 May, 2024 | 00:00
Updated-27 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in appmgr in O-RAN Near-RT RIC I-Release. An attacker could register an unintended RMR message type during xApp registration to disrupt other service components.

Action-Not Available
Vendor-n/ao-ran-sc
Product-n/anear-rt_ric
CWE ID-CWE-20
Improper Input Validation
CVE-2022-29494
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.80%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 20:00
Updated-27 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in firmware for OpenBMC in some Intel(R) platforms before versions egs-0.91-179 and bhs-04-45 may allow an authenticated user to potentially enable denial of service via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-xeon_gold_6330hxeon_platinum_8368qopenbmcxeon_platinum_8358xeon_gold_5318hxeon_gold_5315yxeon_silver_4310xeon_platinum_8376hlxeon_gold_5317xeon_gold_5320hxeon_platinum_8362xeon_gold_5320xeon_gold_6334xeon_platinum_8360yxeon_platinum_8354hxeon_platinum_8356hxeon_platinum_8380hxeon_gold_6338xeon_platinum_8360hlxeon_gold_6338txeon_gold_6346c627axeon_gold_6342xeon_platinum_8376hc621axeon_gold_5318sxeon_gold_6330xeon_platinum_8352yxeon_silver_4309yxeon_gold_6338nxeon_platinum_8368xeon_gold_5320txeon_gold_6314uxeon_platinum_8352sxeon_gold_5318yxeon_gold_6326xeon_platinum_8360hxeon_silver_4310txeon_gold_6312uxeon_gold_6328hc741xeon_platinum_8380xeon_gold_6348xeon_gold_6354xeon_gold_6330nxeon_silver_4316xeon_platinum_8351nxeon_gold_6328hlxeon_platinum_8352mc629axeon_gold_5318nxeon_platinum_8353hxeon_platinum_8358pxeon_platinum_8380hlxeon_silver_4314xeon_gold_6348hxeon_platinum_8352vxeon_gold_6336yOpenBMC
CWE ID-CWE-20
Improper Input Validation
CVE-2021-33620
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.15% / 86.39%
||
7 Day CHG-0.38%
Published-28 May, 2021 | 00:00
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server.

Action-Not Available
Vendor-n/aSquid CacheDebian GNU/LinuxFedora Project
Product-squiddebian_linuxfedoran/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-32666
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.40% / 59.85%
||
7 Day CHG~0.00%
Published-03 Jun, 2021 | 21:35
Updated-03 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Asset DoS vulnerability

wire-ios is the iOS version of Wire, an open-source secure messaging app. In wire-ios versions 3.8.0 and prior, a vulnerability exists that can cause a denial of service between users. If a user has an invalid assetID for their profile picture and it contains the " character, it will cause the iOS client to crash. The vulnerability is patched in wire-ios version 3.8.1.

Action-Not Available
Vendor-wirewireapp
Product-wirewire-ios
CWE ID-CWE-20
Improper Input Validation
CVE-2020-5238
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.51% / 65.34%
||
7 Day CHG~0.00%
Published-01 Jul, 2020 | 23:05
Updated-04 Aug, 2024 | 08:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of service in table parsing in cmark-gfm

The table extension in GitHub Flavored Markdown before version 0.29.0.gfm.1 takes O(n * n) time to parse certain inputs. An attacker could craft a markdown table which would take an unreasonably long time to process, causing a denial of service. This issue does not affect the upstream cmark project. The issue has been fixed in version 0.29.0.gfm.1.

Action-Not Available
Vendor-github_flavored_markdown_projectFedora ProjectGitHub, Inc.
Product-github_flavored_markdownfedoracmark-gfm
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found