{"api_version":"1","generated_at":"2026-04-24T00:22:51+00:00","cve":"CVE-2022-40266","urls":{"html":"https://cve.report/CVE-2022-40266","api":"https://cve.report/api/cve/CVE-2022-40266.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-40266","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-40266"},"summary":{"title":"CVE-2022-40266","description":"Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command.","state":"PUBLIC","assigner":"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp","published_at":"2022-11-24 09:15:00","updated_at":"2022-11-30 20:02:00"},"problem_types":["CWE-20"],"metrics":[],"references":[{"url":"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf","name":"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf","refsource":"MISC","tags":[],"title":"","mime":"application/pdf","httpstatus":"200","archivestatus":"404"},{"url":"https://jvn.jp/vu/JVNVU95633416","name":"https://jvn.jp/vu/JVNVU95633416","refsource":"MISC","tags":[],"title":"JVNVU#95633416: 三菱電機製GOT2000シリーズのFTPサーバ機能における不適切な入力確認の脆弱性","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-40266","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40266","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"40266","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"mitsubishielectric","cpe5":"got2000_gt23","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"40266","vulnerable":"1","versionEndIncluding":"01.39.000","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"mitsubishielectric","cpe5":"got2000_gt23_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"40266","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"mitsubishielectric","cpe5":"got2000_gt25","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"40266","vulnerable":"1","versionEndIncluding":"01.39.000","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"mitsubishielectric","cpe5":"got2000_gt25_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"40266","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"mitsubishielectric","cpe5":"got2000_gt27","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"40266","vulnerable":"1","versionEndIncluding":"01.39.000","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"mitsubishielectric","cpe5":"got2000_gt27_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-40266","qid":"591247","title":"Mitsubishi Electric GOT2000 Series Improper Input Validation Vulnerability (ICSA-22-333-01, 2022-016)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2022-40266","ASSIGNER":"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-20 Improper Input Validation","cweId":"CWE-20"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Mitsubishi Electric","product":{"product_data":[{"product_name":"GOT2000 Series GT27 model","version":{"version_data":[{"version_value":"FTP server versions 01.39.000 and prior","version_affected":"="}]}},{"product_name":"GOT2000 Series GT25 model","version":{"version_data":[{"version_value":"FTP server versions 01.39.000 and prior","version_affected":"="}]}},{"product_name":"GOT2000 Series GT23 model","version":{"version_data":[{"version_value":"FTP server versions 01.39.000 and prior","version_affected":"="}]}}]}}]}},"references":{"reference_data":[{"url":"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf","refsource":"MISC","name":"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf"},{"url":"https://jvn.jp/vu/JVNVU95633416","refsource":"MISC","name":"https://jvn.jp/vu/JVNVU95633416"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"UNKNOWN"},"impact":{"cvss":[{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2022-11-24 09:15:00","lastModifiedDate":"2022-11-30 20:02:00","problem_types":["CWE-20"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:mitsubishielectric:got2000_gt27_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"01.39.000","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:mitsubishielectric:got2000_gt27:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:mitsubishielectric:got2000_gt25_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"01.39.000","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:mitsubishielectric:got2000_gt25:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:mitsubishielectric:got2000_gt23_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"01.39.000","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:mitsubishielectric:got2000_gt23:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":null,"notes":[]}}}