ICSA-22-102-04
Published 2022-05-12
Mitsubishi Electric GT25-WLAN
CVSS 6.5 (MEDIUM)
Risk Summary
The frame fragmentation and frame aggregation functionality of the IEEE 802.11 wireless communication standard contains multiple vulnerabilities caused by design flaws. These vulnerabilities could allow an attacker to steal communication contents or inject unauthorized packets.
CVEs (7)
Remediations
- Users of the affected products and versions should update to the fixed versions.
- Check the versions in use by referencing GOT2000 Series User's Manual (Utility) (SH-081195ENG), 6.9 Package Data Management - “Property operation.”
- The latest version of the manual is available from Mitsubishi Electric FA Global Website.
- Install system applications (extended function) “Wireless LAN” v01.45.000 or later.
- The fixed system application (extended function) “Wireless LAN” is included in GT Designer3 Version 1 (GOT2000) v1.275M or later.
- Download and install the fixed version of MELSOFT GT Designer3 (GOT2000). Please contact a Mitsubishi Electric representative about MELSOFT GT Designer3 (GOT2000).
- Start the MELSOFT GT Designer3 (GOT2000) and open the project data used in affected products.
- Select [Write to GOT] from the [Communication] menu to write the required package data to the GOT. Please refer to “4. COMMUNICATING WITH GOT” in the GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG).
- After writing the required package data to the GOT, refer to “How to check the versions in use” and confirm that the fixed version is installed.
- When using the wireless LAN communication unit as an access point, check that the wireless LAN communication unit settings are as follows:
  - For the wireless LAN passphrase, avoid values that can be guessed from consecutive numbers or the MAC address, and set an unpredictable passphrase combining letters and numbers.
  - Use WPA or WPA2 as the security authentication method for wireless LAN.
  - Use the IP filter function to restrict the accessible IP addresses (refer to GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG), “5.4.3 Setting the IP filter”).
- When using the wireless LAN communication unit as a station, check that the router settings are as follows:
  - For the wireless LAN passphrase, avoid values that can be guessed from consecutive numbers or the MAC address, and set an unpredictable passphrase combining letters and numbers.
  - Use WPA or WPA2 as the security authentication method for wireless LAN.
  - If you change the router settings, hide the router's presence on the Internet to make unauthorized access difficult (e.g., set it to not respond to PING requests).
  - Set a password that is difficult to identify for the router's management portal.
- Check the following when using a computer, tablet, etc., on the same network:
  - Update antivirus software to the latest version.
  - Do not open suspicious attachments or access suspicious linked URLs.
- This does not include countermeasures for CVE-2020-26146
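
The version, passphrase, authentication and IP filter checks listed above can be run over an inventory record, as in this added example (it is not part of the advisory or of any Mitsubishi Electric tooling). The record fields, the four-digit run length and the six-character MAC window are assumptions; the version numbers are the ones this advisory gives.

```python
import re

AFFECTED_MAX = (1, 39, 0)  # advisory: GT25-WLAN <= 01.39.000 is affected
FIXED_MIN = (1, 45, 0)     # advisory: "Wireless LAN" v01.45.000 or later

def version_status(text):
    # '01.45.000' -> (1, 45, 0), so versions compare numerically, not as strings
    v = tuple(int(part) for part in text.strip().split("."))
    if v >= FIXED_MIN:
        return "fixed"
    if v <= AFFECTED_MAX:
        return "affected"
    return "unlisted"  # between the two versions the advisory names

def has_digit_run(passphrase, length=4):
    """True if `length` adjacent digits count up or down by one (1234, 8765)."""
    for run in re.findall(r"\d+", passphrase):
        d = [int(c) for c in run]
        for i in range(len(d) - length + 1):
            steps = {b - a for a, b in zip(d[i:i + length], d[i + 1:i + length])}
            if steps in ({1}, {-1}):
                return True
    return False

def derived_from_mac(passphrase, mac, window=6):
    """True if `window` consecutive hex characters of the MAC appear in the passphrase."""
    mac_hex = re.sub(r"[^0-9a-f]", "", mac.lower())
    flat = re.sub(r"[^0-9a-z]", "", passphrase.lower())
    return any(mac_hex[i:i + window] in flat for i in range(len(mac_hex) - window + 1))

def audit(unit):
    findings = []
    status = version_status(unit["wlan_version"])
    if status != "fixed":
        findings.append(f"version {unit['wlan_version']} is {status}; install 01.45.000 or later")
    p = unit["passphrase"]
    if not (re.search(r"[A-Za-z]", p) and re.search(r"\d", p)):
        findings.append("passphrase does not combine letters and numbers")
    if has_digit_run(p):
        findings.append("passphrase contains consecutive numbers")
    if derived_from_mac(p, unit["mac"]):
        findings.append("passphrase can be guessed from the MAC address")
    if unit["auth"] not in ("WPA", "WPA2"):
        findings.append(f"security authentication method is {unit['auth']}, not WPA or WPA2")
    if not unit["ip_filter"]:
        findings.append("IP filter is not enabled")
    return findings

# Constructed sample records (hypothetical field names, not real devices).
WEAK = {"wlan_version": "01.39.000", "mac": "00:11:22:AA:BB:CC", "passphrase": "got-aabbcc-1234", "auth": "WEP", "ip_filter": False}
GOOD = {"wlan_version": "01.45.000", "mac": "00:11:22:AA:BB:CC", "passphrase": "tR7qLw2mXe9vKd4p", "auth": "WPA2", "ip_filter": True}
```

A version that falls between 01.39.000 and 01.45.000 is reported as "unlisted" because the advisory names neither status for it; treat it as needing the update.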
Affected Vendors
Mitsubishi Electric
Affected Products (1)
Mitsubishi Electric GT25-WLAN, versions <= 01.39.000
Affected Sectors
Critical Manufacturing