CVE-2021-20592 in GOT2000info

Summary

by MITRE • 08/06/2021

Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions 1.170C through 1.256S allows a remote unauthenticated attacker to cause DoS condition on the MODBUS/TCP slave communication function of the products by rapidly and repeatedly connecting and disconnecting to and from the MODBUS/TCP communication port on a target. Restart or reset is required to recover.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 08/08/2021

This vulnerability affects communication drivers in GOT2000 series devices including GT27 GT25 GT23 models and GT SoftGOT2000 software versions within specific version ranges. The core issue stems from inadequate synchronization mechanisms within the MODBUS/TCP slave communication function implementation. When multiple rapid connection and disconnection attempts occur in succession, the driver fails to properly manage concurrent access to shared resources, leading to a denial of service condition that renders the communication function unavailable.

The technical flaw manifests as a missing synchronization primitive that should protect critical sections of code handling MODBUS/TCP connections. This weakness enables a remote unauthenticated attacker to exploit the vulnerability by establishing and terminating connections at high frequency against the target device's MODBUS/TCP port. The lack of proper mutex or semaphore controls means that concurrent access to shared data structures or communication buffers can result in corrupted state information or resource exhaustion. According to CWE-362, this represents a race condition vulnerability where multiple threads or processes access shared resources without proper coordination mechanisms, directly contributing to the instability of the communication function.

The operational impact of this vulnerability extends beyond simple service disruption as it requires manual intervention through device restart or reset operations to restore normal functionality. This creates significant operational challenges for industrial control systems where availability is critical, potentially leading to production downtime or process interruption. The vulnerability affects devices that rely on MODBUS/TCP for communication with supervisory systems, making it particularly concerning for SCADA and industrial automation environments where such protocols are commonly deployed. The attack vector is particularly dangerous because it requires no authentication credentials and can be executed from any network location capable of reaching the target device's MODBUS/TCP port.

Mitigation strategies should focus on implementing proper synchronization mechanisms within the affected communication drivers, including the use of mutex locks or other thread synchronization primitives to protect critical sections of code. Network-level protections such as rate limiting or connection throttling can help reduce the impact of rapid connection attempts. Device administrators should also consider implementing network segmentation and access controls to limit exposure to unauthorized network traffic attempting to connect to MODBUS/TCP ports. The vulnerability aligns with ATT&CK technique T1499.001 which describes network denial of service attacks targeting industrial control systems. Organizations should prioritize updating affected devices to patched versions that include proper synchronization controls, as well as implementing monitoring to detect unusual connection patterns that may indicate exploitation attempts. Regular security assessments of industrial communication protocols and network infrastructure are essential to identify and remediate similar synchronization vulnerabilities across the operational technology environment.

Reservation

12/17/2020

Disclosure

08/06/2021

Moderation

accepted

CPE

ready

EPSS

0.01497

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!