CVE-2021-20601

Name: CVE-2021-20601
Creator: NVD / NIST
Published: 2021-11-23T15:15:07.26+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 2.28%

Last modified Jun 17, 2026

CVE-2021-20601 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Improper input validation vulnerability in GOT2000 series GT27 model all versions, GOT2000 series GT25 model all versions, GOT2000 series GT23 model all versions, GOT2000 series GT21 model all versions, GOT SIMPLE series GS21 model all versions, and GT SoftGOT2000 all versions allows an remote unauthenticated attacker to write a value that exceeds the configured input range limit by sending a malicious packet to rewrite the device value. As a result, the system operation may be affected, such as malfunction.. EPSS estimates a 2.28% chance of exploitation in the next 30 days.

Description

Improper input validation vulnerability in GOT2000 series GT27 model all versions, GOT2000 series GT25 model all versions, GOT2000 series GT23 model all versions, GOT2000 series GT21 model all versions, GOT SIMPLE series GS21 model all versions, and GT SoftGOT2000 all versions allows an remote unauthenticated attacker to write a value that exceeds the configured input range limit by sending a malicious packet to rewrite the device value. As a result, the system operation may be affected, such as malfunction.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS Probability

2.28%

80.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-20

Affected Software

Vendor	Product	Versions
Mitsubishielectric	Gt Softgot2000	All versions
Mitsubishielectric	Got Simple Gs2110-Wtbd Firmware	All versions
Mitsubishielectric	Got Simple Gs2107-Wtbd Firmware	All versions
Mitsubishielectric	Got2000 Gt2104-Rtbd Firmware	All versions
Mitsubishielectric	Got2000 Gt2103-Pmbd Firmware	All versions
Mitsubishielectric	Got2000 Gt2103-Pmbds Firmware	All versions
Mitsubishielectric	Got2000 Gt2103-Pmbds2 Firmware	All versions
Mitsubishielectric	Got2000 Gt2103-Pmbls Firmware	All versions
Mitsubishielectric	Got2000 Gt2107-Wtbd Firmware	All versions
Mitsubishielectric	Got2000 Gt2310-Vtba Firmware	All versions
Mitsubishielectric	Got2000 Gt2310-Vtbd Firmware	All versions
Mitsubishielectric	Got2000 Gt2308-Vtbd Firmware	All versions
Mitsubishielectric	Got2000 Gt2308-Vtba Firmware	All versions
Mitsubishielectric	Got2000 Gt2507t-Wtsd Firmware	All versions
Mitsubishielectric	Got2000 Gt2507-Wtsd Firmware	All versions
Mitsubishielectric	Got2000 Gt2507-Wtbd Firmware	All versions
Mitsubishielectric	Got2000 Gt2512-Wxtsd Firmware	All versions
Mitsubishielectric	Got2000 Gt2510-Wxtbd Firmware	All versions
Mitsubishielectric	Got2000 Gt2510-Wxtsd Firmware	All versions
Mitsubishielectric	Got2000 Gt2512-Wxtbd Firmware	All versions
Mitsubishielectric	Got2000 Gt2505hs-Vtbd Firmware	All versions
Mitsubishielectric	Got2000 Gt2506hs-Vtbd Firmware	All versions
Mitsubishielectric	Got2000 Gt2512-Stba Firmware	All versions
Mitsubishielectric	Got2000 Gt2512-Stbd Firmware	All versions
Mitsubishielectric	Got2000 Gt2510-Vtba Firmware	All versions
Mitsubishielectric	Got2000 Gt2510-Vtbd Firmware	All versions
Mitsubishielectric	Got2000 Gt2510-Vtwa Firmware	All versions
Mitsubishielectric	Got2000 Gt2510-Vtwd Firmware	All versions
Mitsubishielectric	Got2000 Gt2508-Vtba Firmware	All versions
Mitsubishielectric	Got2000 Gt2508-Vtbd Firmware	All versions
Mitsubishielectric	Got2000 Gt2508-Vtwa Firmware	All versions
Mitsubishielectric	Got2000 Gt2508-Vtwd Firmware	All versions
Mitsubishielectric	Got2000 Gt2505-Vtbd Firmware	All versions
Mitsubishielectric	Got2000 Gt2705-Vtbd Firmware	All versions
Mitsubishielectric	Got2000 Gt2708-Vtbd Firmware	All versions
Mitsubishielectric	Got2000 Gt2708-Vtba Firmware	All versions
Mitsubishielectric	Got2000 Gt2708-Stba Firmware	All versions
Mitsubishielectric	Got2000 Gt2708-Stbd Firmware	All versions
Mitsubishielectric	Got2000 Gt2710-Stba Firmware	All versions
Mitsubishielectric	Got2000 Gt2710-Stbd Firmware	All versions
Mitsubishielectric	Got2000 Gt2710-Vtba Firmware	All versions
Mitsubishielectric	Got2000 Gt2710-Vtbd Firmware	All versions
Mitsubishielectric	Got2000 Gt2710-Vtwa Firmware	All versions
Mitsubishielectric	Got2000 Gt2710-Vtwd Firmware	All versions
Mitsubishielectric	Got2000 Gt2712-Stwd Firmware	All versions
Mitsubishielectric	Got2000 Gt2712-Stwa Firmware	All versions
Mitsubishielectric	Got2000 Gt2712-Stba Firmware	All versions
Mitsubishielectric	Got2000 Gt2712-Stbd Firmware	All versions
Mitsubishielectric	Got2000 Gt2715-Xtbd Firmware	All versions
Mitsubishielectric	Got2000 Gt2715-Xtba Firmware	All versions

References

https://jvn.jp/vu/JVNVU98072504Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-320-02Third Party Advisory, US Government Resource
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2021-018.pdfVendor Advisory
https://jvn.jp/vu/JVNVU98072504Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-320-02Third Party Advisory, US Government Resource
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2021-018.pdfVendor Advisory

Timeline

Published: Nov 23, 2021
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-20601?

How severe is CVE-2021-20601?

CVE-2021-20601 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 2.28% probability of exploitation in the next 30 days.

How do I fix CVE-2021-20601?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-20601?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST