Published: 2023/12/11  Last Updated: 2023/12/11

JVN#34145838
Multiple denial-of-service (DoS) vulnerabilities in JTEKT ELECTRONICS HMI GC-A2 series

Overview

HMI GC-A2 series provided by JTEKT ELECTRONICS CORPORATION contains multiple denial-of-service (DoS) vulnerabilities.

Products Affected

  • GC-A22W-CW all versions
  • GC-A24W-C(W) all versions
  • GC-A26W-C(W) all versions
  • GC-A24 all versions
  • GC-A24-M all versions
  • GC-A25 all versions
  • GC-A26 all versions
  • GC-A26-J2 all versions
  • GC-A27-C all versions
  • GC-A28-C all versions

Description

HMI GC-A2 series provided by JTEKT ELECTRONICS CORPORATION contains multiple denial-of-service (DoS) vulnerabilities listed below.

  • Denial-of-service (DoS) vulnerability in FTP service (CWE-400) - CVE-2023-41963
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Base Score: 7.5
    CVSS v2 AV:N/AC:L/Au:N/C:N/I:N/A:C Base Score: 7.8
  • Denial-of-service (DoS) vulnerability in commplex-link service (CWE-400) - CVE-2023-49140
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Base Score: 7.5
    CVSS v2 AV:N/AC:L/Au:N/C:N/I:N/A:C Base Score: 7.8
  • Denial-of-service (DoS) vulnerability in rfe service (CWE-400) - CVE-2023-49143
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Base Score: 7.5
    CVSS v2 AV:N/AC:L/Au:N/C:N/I:N/A:C Base Score: 7.8
  • Denial-of-service (DoS) vulnerability in NetBIOS service (CWE-400) - CVE-2023-49713
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Base Score: 7.5
    CVSS v2 AV:N/AC:L/Au:N/C:N/I:N/A:C Base Score: 7.8

Impact

A remote attacker may be able to cause a denial of service (DoS) condition by sending specially crafted packets to specific ports.

Solution

Apply the Workaround
Apply the following workaround to mitigate the impacts of these vulnerabilities.

  • Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when connecting the product to the Internet.

Vendor Status

Vendor Link
JTEKT ELECTRONICS CORPORATION [Update notice] HMI GC-A2 series

Credit

JTEKT ELECTRONICS CORPORATION reported these vulnerabilities to IPA to notify users of the solution through JVN. JPCERT/CC and JTEKT ELECTRONICS CORPORATION coordinated under the Information Security Early Warning Partnership.

Other Information

  • CVE: CVE-2023-41963, CVE-2023-49140, CVE-2023-49143, CVE-2023-49713
  • JVN iPedia: JVNDB-2023-000122