ICSA-23-215-01 · Published 2023-08-03
Mitsubishi Electric GOT2000 and GOT SIMPLE
CVSS 5.9 (MEDIUM)
Risk Summary
Successful exploitation of this vulnerability could allow an attacker to hijack data connections or prevent legitimate users from establishing data connections.
CVEs (1)
Remediations
- Mitsubishi Electric has created the following versions to fix this issue:
  - GOT2000 Series, GT21 model version 01.50.000 or later
  - GOT SIMPLE, GS21 model version 01.50.000 or later
- Mitsubishi Electric recommends the following steps to update:
  - Please contact your local Mitsubishi Electric representative to download the fixed version of GT Designer3 Version1 (GOT2000) and install on a personal computer.
  - Start the GT Designer3 Version1 (GOT2000) and open the project data used in affected products.
  - Select [Write to GOT] from [Communication] menu to write the required package data to the GOT. Please refer to the GT Designer3 Version1 (GOT2000) Screen Design Manual (SH-081220ENG). "4. COMMUNICATING WITH GOT"
  - After writing the required package data to the GOT, refer to the and check that the software has been updated to the fixed versions.
  - The fixed versions are shipped with GT Designer3 Version1(GOT2000) Ver. 1.300 N or later.
- Mitsubishi Electric recommends that customers take the following mitigations or workarounds to minimize the risk of exploiting this vulnerability:
  - Restrict physical access to the product and the LAN to which it is connected.
  - When Internet access is required, use a virtual private network (VPN) or other means to prevent unauthorized access.
  - Use the products within a LAN and block access from untrusted networks and hosts.
  - Install antivirus software on your computer that can access the affected product.
  - Use the IP filter function to restrict the accessible IP addresses.
    - GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG). "5.4.3 Setting the IP filter"
  - Review whether the FTP server function is required or not, and if not, disable the FTP server function. Users should refer to Mitsubishi Electric's security advisory for further information.
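To apply the fixed-version and mitigation items above across a fleet, the following added example (not code from Mitsubishi Electric or CISA) triages an asset inventory against the advisory's models and version threshold. The CSV column names, asset names and sample rows are constructed for illustration, and the comparison assumes version strings of the form `NN.NN.NNN`.

```python
import csv
import io

AFFECTED_MODELS = {"GT21", "GS21"}   # models named in the advisory
FIXED_VERSION = (1, 50, 0)           # 01.50.000, first fixed version per the advisory

# Constructed sample inventory; the column names are assumptions for this example.
SAMPLE_INVENTORY = """\
asset,model,version,ftp_server,ip_filter
press-hmi-01,GT21,01.49.000,on,off
press-hmi-02,GT21,01.50.000,on,on
pack-hmi-07,GS21,01.45.000,off,on
line-hmi-03,GT27,01.30.000,on,off
weld-hmi-04,GS21,unknown,off,off
"""

def parse_version(text):
    """Turn '01.49.000' into (1, 49, 0); return None if it is not in that form."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(inventory_csv):
    """Return {asset: (status, [actions])} for each row in the inventory."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["model"].strip().upper() not in AFFECTED_MODELS:
            results[row["asset"]] = ("not_listed", [])
            continue
        version = parse_version(row["version"])
        if version is None:
            status = "verify_version"   # unreadable version: check on the device
        elif version < FIXED_VERSION:
            status = "affected"
        else:
            status = "fixed"
        actions = ["update to 01.50.000 or later"] if status == "affected" else []
        if status != "fixed":
            if row["ftp_server"].strip().lower() == "on":
                actions.append("disable FTP server if not required")
            if row["ip_filter"].strip().lower() != "on":
                actions.append("enable IP filter")
        results[row["asset"]] = (status, actions)
    return results

if __name__ == "__main__":
    for asset, (status, actions) in triage(SAMPLE_INVENTORY).items():
        print(f"{asset}: {status}" + (f" -> {'; '.join(actions)}" if actions else ""))
```

Rows with an unreadable version are reported as `verify_version` rather than assumed safe, so they still get checked on the device.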
Affected Vendors
Mitsubishi Electric
Affected Products (2)
Mitsubishi Electric · GOT2000 Series, GT21 model · <= 01.49.000
Mitsubishi Electric · GOT SIMPLE, GS21 model · <= 01.49.000
Affected Sectors
Critical Manufacturing