{"api_version":"1","generated_at":"2026-04-23T20:20:43+00:00","cve":"CVE-2021-20607","urls":{"html":"https://cve.report/CVE-2021-20607","api":"https://cve.report/api/cve/CVE-2021-20607.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-20607","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-20607"},"summary":{"title":"CVE-2021-20607","description":"Integer Underflow vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions 5.4 and prior allows an attacker to cause a DoS condition in the software by getting a user to open malicious project file specially crafted by an attacker.","state":"PUBLIC","assigner":"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp","published_at":"2021-12-17 17:15:00","updated_at":"2023-02-02 19:58:00"},"problem_types":["CWE-191"],"metrics":[],"references":[{"url":"https://jvn.jp/vu/JVNVU93817405/index.html","name":"https://jvn.jp/vu/JVNVU93817405/index.html","refsource":"MISC","tags":[],"title":"JVNVU#93817405: 三菱電機製FAエンジニアリングソフトウェア製品における複数の脆弱性","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-350-05","name":"https://us-cert.cisa.gov/ics/advisories/icsa-21-350-05","refsource":"MISC","tags":[],"title":"Mitsubishi Electric FA Engineering Software | CISA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-021_en.pdf","name":"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-021_en.pdf","refsource":"MISC","tags":[],"title":"","mime":"application/pdf","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-20607","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20607","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"20607","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mitsubishielectric","cpe5":"ezsocket","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"20607","vulnerable":"1","versionEndIncluding":"5.4","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mitsubishielectric","cpe5":"ezsocket","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"20607","vulnerable":"1","versionEndIncluding":"1.606g","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mitsubishielectric","cpe5":"gx_works2","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"20607","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mitsubishielectric","cpe5":"melsoft_navigator","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-20607","qid":"590657","title":"Mitsubishi Electric FA Engineering Software Multiple Vulnerabilities (ICSA-21-350-05)"},{"cve":"CVE-2021-20607","qid":"591215","title":"Mitsubishi Electric FA Products Multiple Vulnerabilities (ICSA-21-350-05)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-20607","ASSIGNER":"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Mitsubishi Electric GX Works2; Mitsubishi Electric MELSOFT Navigator; Mitsubishi Electric EZSocket","version":{"version_data":[{"version_value":"Mitsubishi Electric GX Works2 versions 1.606G and prior"},{"version_value":"Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior"},{"version_value":"Mitsubishi Electric EZSocket versions 5.4 and prior"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Integer Underflow"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-021_en.pdf","url":"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-021_en.pdf"},{"refsource":"MISC","name":"https://jvn.jp/vu/JVNVU93817405/index.html","url":"https://jvn.jp/vu/JVNVU93817405/index.html"},{"refsource":"MISC","name":"https://us-cert.cisa.gov/ics/advisories/icsa-21-350-05","url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-350-05"}]},"description":{"description_data":[{"lang":"eng","value":"Integer Underflow vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions 5.4 and prior allows an attacker to cause a DoS condition in the software by getting a user to open malicious project file specially crafted by an attacker."}]}},"nvd":{"publishedDate":"2021-12-17 17:15:00","lastModifiedDate":"2023-02-02 19:58:00","problem_types":["CWE-191"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mitsubishielectric:melsoft_navigator:*:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mitsubishielectric:gx_works2:*:*:*:*:*:*:*:*","versionEndIncluding":"1.606g","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mitsubishielectric:ezsocket:*:*:*:*:*:*:*:*","versionEndIncluding":"5.4","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"20607","Ordinal":"194652","Title":"CVE-2021-20607","CVE":"CVE-2021-20607","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"20607","Ordinal":"1","NoteData":"Integer Underflow vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, MELSOFT Navigator all versions and EZSocket all versions allows an attacker to cause a DoS condition in the software by getting a user to open malicious project file specially crafted by an attacker.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"20607","Ordinal":"2","NoteData":"2021-12-17","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"20607","Ordinal":"3","NoteData":"2021-12-17","Type":"Other","Title":"Modified"}]}}}