ICSA-23-033-02  ·  Published 2023-02-02

Mitsubishi Electric GOT2000 Series and GT SoftGOT2000

CVSS 7.4 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow attackers to perform unintended operations through clickjacking (an attack that tricks users into clicking an invisible or disguised webpage element), or to disclose sensitive information from users' browsers or impersonate legitimate users by abusing inappropriate HTML attributes.

Remediations

  • Mitsubishi Electric recommends users update to the latest software versions. Mitsubishi Electric's security advisory contains step-by-step update instructions:
      • GT27 model: Update to GOT Mobile version 01.48.000 or later.
      • GT25 model: Update to GOT Mobile version 01.48.000 or later.
      • GT SoftGOT2000: Update to software version 1.290C or later.
  • When internet access is required, use a firewall, virtual private network (VPN), etc. to prevent unauthorized access.
  • Use devices within a local area network (LAN) and block access from untrusted networks and hosts.
  • Install antivirus software on hosts running affected software/firmware.
  • Use the IP filter function to control access via IP address. See GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG), “5.4.3 Setting the IP filter”.
  • Disable GOT Mobile Function.
  • Users should refer to Mitsubishi Electric's security advisory for further information.

Affected Vendors

Mitsubishi Electric Corporation

Affected Products (3)

Mitsubishi Electric Corporation · GT27 model 01.14.000 - 01.47.000
Mitsubishi Electric Corporation · GT25 model 01.14.000 - 01.47.000
Mitsubishi Electric Corporation · GT SoftGOT2000 1.265B - 1.285X

Affected Sectors

Critical Manufacturing
