Mitsubishi Electric GT14 Model of GOT1000 Series

Act Now9.8ICS-CERT ICSA-20-310-02Nov 5, 2020

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Multiple memory safety and input validation vulnerabilities exist in Mitsubishi Electric GOT1000 series HMI devices running CoreOS. These flaws (CWE-119, CWE-384, CWE-476, CWE-284, CWE-88, CWE-20) can result in denial-of-service or remote code execution. All firmware versions are vulnerable. The device is a touchscreen HMI used for operator control and monitoring of industrial processes.

What this means

What could happen

An attacker could crash the GOT1000 HMI device or execute arbitrary code on it, disrupting operator visibility and control of connected industrial processes. This could prevent monitoring and response to equipment faults or unsafe conditions.

Who's at risk

Electric utilities and other energy sector operators using Mitsubishi Electric GT14 model GOT1000 series HMI (Human-Machine Interface) devices should assess their exposure. These touch-screen operator panels are typically used for real-time monitoring and control of substations, distribution equipment, and generation plants. All variants (GT1455-QTBDE, GT1450HS-QMBDE, GT1450-QMBDE, GT1455HS-QTBDE, GT1450-QLBDE) are affected.

How it could be exploited

An attacker with network access to the GOT1000 HMI device could send specially crafted network packets that trigger memory safety or input validation flaws, causing the device to crash or allowing code execution with the privileges of the running process. No authentication or user interaction is required.

Prerequisites

Network access to the GOT1000 HMI device on the industrial network
Device must be running affected CoreOS version (all versions are vulnerable)

Remotely exploitableNo authentication requiredLow complexity attackNo patch availableCritical CVSS score (9.8)Affects operator visibility and control systems

Exploitability

Moderate exploit probability (EPSS 1.2%)

Affected products (5)

5 EOL

ProductAffected VersionsFix Status

GT1455-QTBDE: with CoreOSAll versionsNo fix (EOL)

GT1450HS-QMBDE: with CoreOSAll versionsNo fix (EOL)

GT1450-QMBDE: with CoreOSAll versionsNo fix (EOL)

GT1455HS-QTBDE: with CoreOSAll versionsNo fix (EOL)

GT1450-QLBDE: with CoreOSAll versionsNo fix (EOL)

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDRestrict network access to GOT1000 devices from trusted networks and hosts only

Mitigations - no patch available

0/3

The following products have reached End of Life with no planned fix: GT1455-QTBDE: with CoreOS, GT1450HS-QMBDE: with CoreOS, GT1450-QMBDE: with CoreOS, GT1455HS-QTBDE: with CoreOS, GT1450-QLBDE: with CoreOS. Apply the following compensating controls:

HARDENINGIsolate all GOT1000 HMI devices and their connected control systems behind a firewall, separate from the business network

HARDENINGMinimize or eliminate direct Internet routing to any GOT1000 device

HARDENINGIf remote access to GOT1000 is required, implement VPN access with multi-factor authentication and keep VPN software updated

CVEs (6)

CVE-2020-5644 CVE-2020-5645 CVE-2020-5646 CVE-2020-5647 CVE-2020-5648 CVE-2020-5649

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/4e2c9168-8e3a-4996-9754-ee2669895ad7