← Back to home
ICSA-23-138-02  ·  Published 2023-08-22  ·  View on CISA ICS-CERT ↗

Mitsubishi Electric MELSEC WS Series

CVSS 7.5 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to bypass authentication and log in by connecting to the module via telnet to reset the module or, if certain conditions are met, either disclose or tamper with the module's configuration, or rewrite the firmware.

CVEs (1)

Remediations

  • Mitsubishi Electric has released the following versions to fix this vulnerability: WS0-GETH00200: Serial numbers 2311**** and later.
  • For the affected products, Mitsubishi Electric recommends users to take the following mitigation measures:
  • Set password for telnet sessions that are difficult for third parties to guess. The password can be up to 15 characters long. Note that "[space]" in the input string represents a single-byte space. Users can change the password for the telnet session of the affected product by using the telnet client and performing:
  • Password setting: (1) Enter "telnet[space]" followed by the IP address of the affected product and press the Enter key. (2) When "Password" is displayed, press the Enter key without entering anything. (3) When "telnet>" is displayed, enter "password[space]" followed by the desired password string and press the Enter key. (4) Enter "quit" and press the Enter key.
  • Confirm the password is set: (1) After the Password setting process, enter "telnet[space]" followed by the IP address of the affected product and press the Enter key. (2) When "Password" is displayed, enter the password string set in the Password setting process and press the Enter key. (3) If "telnet>" is displayed, the password is set correctly. (4) Enter "quit" and press the Enter key.
  • Alternatively, Mitsubishi Electric recommends that users take the following mitigation measures to minimize the risk of exploiting this vulnerability:
  • Use a firewall, virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.
  • Use product within a local area network (LAN) and use firewalls to block access from untrusted networks and hosts.
  • Restrict physical access to prevent untrusted devices from connecting to the LAN.
  • For more information, see Mitsubishi Electric's Security Advisory.

Affected Vendors

Mitsubishi Electric

Affected Products (1)

Mitsubishi Electric · WS0-GETH00200 <= Serial Numbers 2310****

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more