ICSA-22-333-01  ·  Published 2022-11-29

Mitsubishi Electric GOT2000

CVSS 5.3 MEDIUM

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition by sending a specially crafted command.

CVEs (1)

Remediations

  • GT27 Model: Update to FTP server version 01.47.000 or later
  • GT25 Model: Update to FTP server version 01.47.000 or later
  • GT23 Model: Update to FTP server version 01.47.000 or later
  • 1. Download the fixed version of GT Designer3 Version1 (GOT2000) and install it on a compatible device. Users should contact Mitsubishi Electric for GT Designer3 Version1 (GOT2000).
  • 2. Start GT Designer3 Version1 (GOT2000) and open the project data used in affected products.
  • 3. Select [Write to GOT] from the [Communication] menu to write the required package data to the GOT. Users can refer to the GT Designer3 Version1 (GOT2000) Screen Design Manual (SH-081220ENG), “COMMUNICATING WITH GOT”.
  • 4. After writing the required package data to the GOT, refer to <How to check the versions in use> and ensure the software has been updated to the fixed versions.
  • When internet access is required, use a virtual private network (VPN) or other secure means to prevent unauthorized access.
  • Only use products inside a local area network (LAN).
  • Block access from untrusted networks and hosts.
  • Install antivirus software on the host where products are installed.
  • Set strong passwords to prevent unauthorized login.
  • Use the IP filter function (*1) to control IP address access to the host machine with installed software.
  • *1: GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG). “5.4.3 Setting the IP filter”
  • Users should refer to Mitsubishi Electric's security advisory for further information.

Affected Vendors

Mitsubishi Electric

Affected Products (3)

Mitsubishi Electric · GT27 Model FTP server <= 01.39.000
Mitsubishi Electric · GT25 Model FTP server <= 01.39.000
Mitsubishi Electric · GT23 Model FTP server <= 01.39.000

Affected Sectors

Critical Manufacturing
