CVE-2023-41963

Denial-of-service (DoS) vulnerability exists in FTP service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.

CVSS v3.0 7.5 HIGH

7.5^/10

CVSS v3.0 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.electronics.jtekt.co.jp/en/topics/202312116562/	Vendor Advisory
https://jvn.jp/en/jp/JVN34145838/	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:jtekt:gc-a22w-cw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:jtekt:gc-a22w-cw:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:jtekt:gc-a24w-c\(w\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:jtekt:gc-a24w-c\(w\):-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:jtekt:gc-a26w-c\(w\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:jtekt:gc-a26w-c\(w\):-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:jtekt:gc-a24_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:jtekt:gc-a24:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:jtekt:gc-a24-m_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:jtekt:gc-a24-m:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:jtekt:gc-a25_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:jtekt:gc-a25:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:jtekt:gc-a26_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:jtekt:gc-a26:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:jtekt:gc-a26-j2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:jtekt:gc-a26-j2:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:jtekt:gc-a27-c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:jtekt:gc-a27-c:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:jtekt:gc-a28-c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:jtekt:gc-a28-c:-:*:*:*:*:*:*:*

Information

Published : 2023-12-12 10:15

Updated : 2023-12-14 20:41

NVD link : CVE-2023-41963

Mitre link : CVE-2023-41963

JSON object : View

Products Affected

jtekt

gc-a24w-c\(w\)
gc-a22w-cw_firmware
gc-a24-m
gc-a24-m_firmware
gc-a24_firmware
gc-a25_firmware
gc-a22w-cw
gc-a26_firmware
gc-a24
gc-a25
gc-a27-c_firmware
gc-a24w-c\(w\)_firmware
gc-a28-c_firmware
gc-a26w-c\(w\)_firmware
gc-a27-c
gc-a26w-c\(w\)
gc-a26-j2_firmware
gc-a26
gc-a28-c
gc-a26-j2

CWE

CWE-400

Uncontrolled Resource Consumption

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/", "name": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/", "tags": ["Vendor Advisory"], "refsource": ""}, {"url": "https://jvn.jp/en/jp/JVN34145838/", "name": "https://jvn.jp/en/jp/JVN34145838/", "tags": ["Third Party Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Denial-of-service (DoS) vulnerability exists in FTP service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-400"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-41963", "ASSIGNER": "vultures@jpcert.or.jp"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}}, "publishedDate": "2023-12-12T10:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:jtekt:gc-a22w-cw_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:jtekt:gc-a22w-cw:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:jtekt:gc-a24w-c\\(w\\)_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:jtekt:gc-a24w-c\\(w\\):-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:jtekt:gc-a26w-c\\(w\\)_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:jtekt:gc-a26w-c\\(w\\):-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:jtekt:gc-a24_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:jtekt:gc-a24:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:jtekt:gc-a24-m_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:jtekt:gc-a24-m:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:jtekt:gc-a25_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:jtekt:gc-a25:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:jtekt:gc-a26_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:jtekt:gc-a26:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:jtekt:gc-a26-j2_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:jtekt:gc-a26-j2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:jtekt:gc-a27-c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:jtekt:gc-a27-c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:jtekt:gc-a28-c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:jtekt:gc-a28-c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-12-14T20:41Z"}