ICSA-21-131-02
·
Published 2022-01-20
·
View on CISA ICS-CERT ↗
Mitsubishi Electric GOT and Tension Controller (Update A)
CVSS 5.9
MEDIUM
Risk Summary
Successful exploitation of this vulnerability may be able to stop the communication function of the products, requiring a reset to regain functionality.
CVEs (1)
Remediations
- GOT2000 series: GT27 model, GT25 model, and GT23 model: update to 01.39.000 or later.
- GOT2000 series: GT21 model: update to 01.40.000 or later.
- GOT SIMPLE series GS21 model: update to 01.40.000 or later.
- GT SoftGOT2000: update to 1.255R or later.
- LE7-40GU-L Screen package data for MODBUS/TCP: update to v1.01 or later.
- Please refer to the Mitsubishi Electric website for detailed update procedures.
- When connecting the product to the Internet, use a firewall or virtual private network (VPN) to prevent unauthorized access.
- Use it within the LAN and make it inaccessible from untrusted networks and hosts.
- Install antivirus software on a computer that can access the product.
Affected Vendors
Mitsubishi Electric
Affected Products (7)
Mitsubishi Electric
·
GT23 model
>= 01.19.000 | <= 01.38.000
Mitsubishi Electric
·
LE7-40GU-L Screen package data for MODBUS/TCP
1
Mitsubishi Electric
·
GS21 model
>= 01.21.000 | <= 01.39.000
Mitsubishi Electric
·
GT27 model
>= 01.19.000 | <= 01.38.000
Mitsubishi Electric
·
GT25 model
>= 01.19.000 | <= 01.38.000
Mitsubishi Electric
·
GT SoftGOT2000
>= 1.170C | <= 1.250L
Mitsubishi Electric
·
GT21 model
>= 01.21.000 | <= 01.39.000
Affected Sectors
Critical Manufacturing
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more