ICSA-22-130-06 · Published 2022-05-10 · View on CISA ICS-CERT ↗

Mitsubishi Electric MELSOFT GT OPC UA

CVSS 7.5 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow a remote attacker to send specially crafted messages, resulting in information disclosure or a denial-of-service condition.

CVEs (2)

CVE-2021-3712 CVE-2021-23840

Remediations

Mitsubishi Electric recommends users update software
Update MELSOFT GT OPC UA Client: Update to 1.03D or later
Update GT SoftGOT2000: Update to 1.275M or later
When connecting the products to the Internet, use a virtual private network (VPN, etc.) to prevent spoofing and sniffing.
Use the products within the LAN and block access from untrusted networks and hosts.
Update the OPC UA server to the latest version.
Install antivirus software.
Restrict physical access to computers and network equipment that use the affected products.

Affected Vendors

Mitsubishi Electric

Affected Products (2)

Mitsubishi Electric · GT SoftGOT2000 >= 1.215Z | <= 1.270G

Mitsubishi Electric · MELSOFT GT OPC UA Client >= 1.00A | <= 1.02C

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more