CVE-2020-5600
Published 2020-07-07
CVE-2020-5600: TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and…
Priority P344 · high · 7.5 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 2.02% (78.5th percentile)
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mitsubishielectric | coreos | <= y | — |
| pretix | pretix | >= 0 < 2026.1.2 | 2026.1.2 |
| pretix | pretix | >= 2026.2.0 < 2026.2.1 | 2026.2.1 |
| pretix | pretix | >= 2026.3.0 < 2026.3.1 | 2026.3.1 |
CVSS provenance
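| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |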
GHSA
pretix: API leaks check-in data between events of the same organizer
ghsa·2026-04-08
CVE-2026-5600 [MEDIUM] CWE-653 pretix: API leaks check-in data between events of the same organizer
A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in events belonging to the respective organizer. This allows an API consumer to access information for all other events under the same organizer, even those they should not have access to.
These records contain information on the time and result of every ticket scan as well as the ID of the matched ticket. Example:
```
{
  "id": 123,
  "successful": true,
  "error_reason": null,
  "error_explanation": null,
  "position": 321,
  "datetime": "2020-08-23T09:00:00+02:00",
  "list": 456,
  "created": "2020-08-23T09:00:00+02:00",
  "auto_checked_in": false,
  "gate": null,
  "device": 1,
  "device_id": 1,
  "type": "en
```
GHSA
GHSA-wjpf-6j9q-4h5x: TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model
ghsa_unreviewed·2022-05-24
CVE-2020-5600 [MEDIUM] CWE-400 GHSA-wjpf-6j9q-4h5x: TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model
CISA ICS
Mitsubishi Electric GOT2000 Series
cisa_ics·2020-07-07·CVSS 9.8
[CRITICAL] Mitsubishi Electric GOT2000 Series
ICS Advisory
## Mitsubishi Electric GOT2000 Series
Last Revised: July 07, 2020
Alert Code: ICSA-20-189-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Mitsubishi Electric
- Equipment: GOT2000 Series
- Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Session Fixation, NULL Pointer Dereference, Improper Access Control, Argument Injection, Resource Management Errors
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow a remote attacker to cause a denial-of-serv
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2020-07-07