CVE-2023-49713: [Update notice] HMI GC-A2 series|JTEKT ELECTRONICS CORPORATION

A denial-of-service (DoS) vulnerability exists in the NetBIOS service of the HMI GC-A2 series. If a remote unauthenticated attacker sends specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.


Dec. 11, 2023


1.Overview

Multiple vulnerabilities were found in the HMI GC-A2 series.
This notice describes the vulnerabilities and how to deal with them.
Please confirm the contents and apply the following solution.

2.Products Affected

The following products are affected by the vulnerability.

Products          Firmware Version
GC-A22W-CW        All Versions
GC-A24W-C(W)      All Versions
GC-A26W-C(W)      All Versions
GC-A24            All Versions
GC-A24-M          All Versions
GC-A25            All Versions
GC-A26            All Versions
GC-A26-J2         All Versions
GC-A27-C          All Versions
GC-A28-C          All Versions

3.Description

The HMI GC-A2 series contains the multiple vulnerabilities listed below.

3-1. Denial-of-service (DoS) vulnerability in FTP service (CWE-400) – CVE-2023-41963

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Base score: 7.5
CVSS v2 AV:N/AC:L/Au:N/C:N/I:N/A:C Base score: 7.8

3-2. Denial-of-service (DoS) vulnerability in commplex-link service (CWE-400) – CVE-2023-49140

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Base score: 7.5
CVSS v2 AV:N/AC:L/Au:N/C:N/I:N/A:C Base score: 7.8

3-3. Denial-of-service (DoS) vulnerability in rfe service (CWE-400) – CVE-2023-49143

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Base score: 7.5
CVSS v2 AV:N/AC:L/Au:N/C:N/I:N/A:C Base score: 7.8

3-4. Denial-of-service (DoS) vulnerability in NetBIOS service (CWE-400) – CVE-2023-49713

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Base score: 7.5
CVSS v2 AV:N/AC:L/Au:N/C:N/I:N/A:C Base score: 7.8

4.Impact

A remote attacker may be able to cause a denial of service (DoS) condition by sending specially crafted packets to specific ports.
A denial of service (DoS) may cause the HMI system to stop.
Restarting the HMI is required to recover from a system stopped state.

5.Mitigations and Protections

When connecting the HMI GC-A2 series to the Internet, use a firewall or virtual private network (VPN) to prevent unauthorized access.
