ICSA-20-343-02  ·  Published 2022-01-20

Mitsubishi Electric GOT and Tension Controller (Update B)

CVSS 7.5 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow malicious attackers to degrade communication performance or cause a denial-of-service condition in the TCP communication functions of the products. Recovering from the denial-of-service condition requires a reboot of the device.

CVEs (1)

Remediations

  • Mitsubishi Electric has fixed the basic system application for the GOT2000 series GT21 model and the GOT SIMPLE series GS21 model. The fixed version is shipped with GT Designer3 (2000) versions 1.255R or later.
  • To apply version v01.40.000 or later to the GOT2000 series GT21 model or GOT SIMPLE series GS21 model, use the following update procedure:
      • Download the fixed version of MELSOFT GT Designer3(2000) and install it on the PC. Please contact a Mitsubishi Electric representative about MELSOFT GT Designer3(2000).
      • Start MELSOFT GT Designer3 (GOT2000) and open the project data used in the affected products.
      • Select Write to GOT from the Communication menu to write the required package data to the GOT.
      • Please refer to the GT Designer3 (GOT2000) Screen Design Manual.
      • After writing the required package data to the GOT, refer to the publication from Mitsubishi Electric to learn how to confirm that the updated version is in use.
  • Mitsubishi Electric has provided the following procedure to update the tension controller to Version 1.01 or later:
      • Contact a Mitsubishi Electric representative for the fixed version of the screen package data.
      • Install the engineering tool (“Data Transfer Tool” or “GT Designer 3 (GOT2000)”) on your PC. Contact a Mitsubishi Electric representative for the latest engineering tool.
      • Connect the LE7-40GU-L to your PC with a USB cable.
      • Write the screen package data to the LE7-40GU-L using the “GOT write” function of the engineering tool.
      • After writing is completed, restart the LE7-40GU-L.
      • Refer to the publication from Mitsubishi Electric to learn how to confirm that the updated version is in use.
  • Until the update can be applied, Mitsubishi Electric asks that users restrict access to the product to trusted networks and hosts only.
  • Please refer to the Mitsubishi Electric website for details.
  • Additional information about the vulnerability or Mitsubishi Electric recommendations is available by contacting a Mitsubishi Electric representative.

Affected Vendors

Mitsubishi Electric

Affected Products (12)

Mitsubishi Electric · GT2107-WTBD <= 01.39.000
Mitsubishi Electric · GS2110-WTBD-N <= 01.39.000
Mitsubishi Electric · GT2103-PMBD <= 01.39.000
Mitsubishi Electric · GT2107-WTSD <= 01.39.000
Mitsubishi Electric · GS2107-WTBD <= 01.39.000
Mitsubishi Electric · GS2107-WTBD-N <= 01.39.000
Mitsubishi Electric · GT2104-PMBD <= 01.39.000
Mitsubishi Electric · GT2104-RTBD <= 01.39.000
Mitsubishi Electric · LE7-40GU-L Screen package data for CC-Link IEF Basic 1
Mitsubishi Electric · LE7-40GU-L Screen package data for SLMP 1
Mitsubishi Electric · LE7-40GU-L Screen package data for MODBUS/TCP 1
Mitsubishi Electric · GS2110-WTBD <= 01.39.000
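
The model list and fixed versions above can be checked against an asset inventory. The following Python is an added example, not part of the advisory or of any Mitsubishi Electric tool; the inventory columns, asset names and the EXAMPLE-HMI-X model are constructed, and it assumes any version below the fixed release is affected.

```python
import csv
import io

# Models and fixed versions as listed in the advisory.
GOT_MODELS = (
    "GT2107-WTBD", "GT2107-WTSD", "GT2104-RTBD", "GT2104-PMBD", "GT2103-PMBD",
    "GS2110-WTBD", "GS2110-WTBD-N", "GS2107-WTBD", "GS2107-WTBD-N",
)
FIXED = {m: (1, 40, 0) for m in GOT_MODELS}  # basic system application v01.40.000
FIXED["LE7-40GU-L"] = (1, 1)                 # screen package data Version 1.01

# Constructed inventory; the column layout is an assumption, not a vendor format.
SAMPLE = """asset,model,version
line1-hmi,GT2107-WTBD,01.39.000
line2-hmi,gs2110-wtbd-n,v01.40.000
winder-3,LE7-40GU-L,1.00
winder-4,LE7-40GU-L,1.01
press-hmi,GT2104-RTBD,not recorded
panel-9,EXAMPLE-HMI-X,01.20.000
"""


def parse_version(text):
    """'01.39.000' -> (1, 39, 0); raises ValueError on anything non-numeric."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def triage(model, version):
    """Return 'affected', 'fixed', 'not-listed' or 'check-manually'."""
    fixed = FIXED.get(model.strip().upper())
    if fixed is None:
        return "not-listed"
    try:
        found = parse_version(version)
    except ValueError:
        return "check-manually"  # never report an unreadable version as fixed
    # Assumption: any version below the fixed release counts as affected.
    width = max(len(found), len(fixed))
    found += (0,) * (width - len(found))
    fixed += (0,) * (width - len(fixed))
    return "affected" if found < fixed else "fixed"


def triage_inventory(text=SAMPLE):
    rows = csv.DictReader(io.StringIO(text))
    return {r["asset"]: triage(r["model"], r["version"]) for r in rows}
```

Calling triage_inventory() with the text of a real inventory export returns a status per asset. Entries marked check-manually have a version that must be confirmed on the device before they are counted as fixed.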

Affected Sectors

Critical Manufacturing
