ICSA-23-215-02  ·  Published 2023-08-03

Mitsubishi Electric GT and GOT Series Products

CVSS 7.5 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to obtain plaintext passwords by sniffing packets containing encrypted passwords and decrypting the encrypted passwords.

CVEs (1)

Remediations

  • Mitsubishi Electric recommends updating to the following mitigated versions to minimize the risk of exploitation of this vulnerability:
      • GT Designer3 Version1 (GOT2000): Update to v1.300N or later
      • GT SoftGOT2000: Update to v1.300N or later
      • GOT2000 (Models GT21, GT23, GT25, GT27): Update to v01.50.000 or later
      • GOT SIMPLE (Models GS25, GS21): Update to v01.50.000 or later
  • Mitsubishi Electric recommends applying the following mitigations to minimize the risk of exploitation of this vulnerability:
      • Encrypt communication paths to the affected product with a VPN or other means.
      • When internet access is required, use a virtual private network (VPN) or other means to prevent unauthorized access.
      • Use the affected products within a LAN and block access from untrusted networks and hosts.
      • Prevent physical access to the network to which the product is connected.
      • Install antivirus software on your personal computer that can access the affected product.
      • Use the IP filter function to restrict the accessible IP addresses.
          • For details on the IP filter function, please refer to GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG), "5.4.3 Setting the IP filter."
  • For update instructions and additional information, refer to Mitsubishi Electric's security bulletin.

Affected Vendors

Mitsubishi Electric

Affected Products (4)

Mitsubishi Electric · GT Designer3 Version1 (GOT2000) <= 1.295H
Mitsubishi Electric · GT SoftGOT2000 <= 1.295H
Mitsubishi Electric · GOT2000 (Models GT21, GT23, GT25, GT27) <= 01.49.000
Mitsubishi Electric · GOT SIMPLE (Models GS25, GS21) <= 01.49.000
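
One way to triage an asset inventory against the fixed versions listed under Remediations, as an added example that is not part of the advisory or any Mitsubishi Electric tooling. The inventory rows, the shortened product keys, and the rule that a trailing version letter only breaks ties between equal numeric parts are assumptions.

```python
import re

# Fixed versions copied from the advisory's remediation list.
# Product keys are shortened here for the hardware models (assumption).
FIXED = {
    "GT Designer3 Version1 (GOT2000)": "1.300N",
    "GT SoftGOT2000": "1.300N",
    "GOT2000": "01.50.000",
    "GOT SIMPLE": "01.50.000",
}

def version_key(text):
    """Turn '1.295H' or 'v01.49.000' into a comparable (numbers, letter) tuple."""
    # Assumption: numeric fields compare as integers; a trailing letter
    # only orders versions whose numeric parts are identical.
    m = re.fullmatch(r"[vV]?(\d+(?:\.\d+)*)([A-Za-z]?)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split(".")), m.group(2).upper()

def triage(inventory):
    """Return (asset, status) pairs: 'affected', 'fixed' or 'review'."""
    results = []
    for asset, product, version in inventory:
        fixed = FIXED.get(product)
        try:
            if fixed is None:
                status = "review"    # product not named in this advisory
            elif version_key(version) >= version_key(fixed):
                status = "fixed"
            else:
                status = "affected"  # anything below the fixed version
        except ValueError:
            status = "review"        # unparseable version: check by hand
        results.append((asset, status))
    return results

# Constructed sample inventory (asset names and versions are made up).
SAMPLE = [
    ("eng-ws-01", "GT Designer3 Version1 (GOT2000)", "1.295H"),
    ("eng-ws-02", "GT SoftGOT2000", "1.300N"),
    ("line3-hmi", "GOT2000", "01.49.000"),
    ("line4-hmi", "GOT SIMPLE", "v01.50.000"),
    ("line5-hmi", "GOT2000", "unknown"),
]

if __name__ == "__main__":
    for asset, status in triage(SAMPLE):
        print(f"{asset:10} {status}")
```

Versions that fall between the last listed affected release and the fixed release are reported as affected, which errs on the side of updating.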

Affected Sectors

Critical Manufacturing
