Mitsubishi Electric GOT and Tension Controller (Update B)
Plan Patch | 7.5 | ICS-CERT ICSA-20-343-02 | Dec 8, 2020
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A buffer overflow vulnerability exists in Mitsubishi Electric GOT2000 series GT21 models, GOT SIMPLE series GS21 models, and LE7-40GU-L tension controllers. Successful exploitation could cause deterioration of TCP communication performance or a denial-of-service condition that requires device reboot to recover.
What this means
What could happen
An attacker could disrupt communications with your HMI terminals or tension controllers by triggering a denial-of-service condition, causing loss of operator visibility and potential loss of control of the production process until the device restarts.
Who's at risk
Water and electric utilities operating Mitsubishi Electric GOT2000 series GT21 HMI terminals (GS2110-WTBD-N, GT2103-PMBD, GT2107-WTSD, GT2104-PMBD, GT2104-RTBD, GS2110-WTBD, GT2107-WTBD, GS2107-WTBD, GS2107-WTBD-N) or LE7-40GU-L tension controllers used in process automation and production line tension monitoring should prioritize assessment and patching of these devices.
How it could be exploited
An attacker on the same network as the affected GOT or tension controller can send a malformed TCP packet to trigger the buffer overflow, causing the communication stack to fail and forcing a reboot of the device.
Prerequisites
- Network access to the device's TCP port (likely 502 for Modbus or a proprietary Mitsubishi port)
- Device must be running vulnerable firmware version 01.39.000 or earlier (GOT models) or v1.00 or earlier (LE7 tension controller)
Tags: remotely exploitable, no authentication required, low complexity, affects HMI/SCADA visibility, denial of service impact
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (12)
12 with fix
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| GS2110-WTBD-N | ≤ 01.39.000 | 01.40.000 |
| GT2103-PMBD | ≤ 01.39.000 | 01.40.000 |
| GT2107-WTSD | ≤ 01.39.000 | 01.40.000 |
| GT2104-PMBD | ≤ 01.39.000 | 01.40.000 |
| GT2104-RTBD | ≤ 01.39.000 | 01.40.000 |
| LE7-40GU-L Screen package data for CC-Link IEF Basic | v1.00 | 1.01 |
| LE7-40GU-L Screen package data for SLMP | v1.00 | 1.01 |
| LE7-40GU-L Screen package data for MODBUS/TCP | v1.00 | 1.01 |
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to affected HMI and tension controller devices to trusted hosts and networks only until patching is complete
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update GOT2000 GT21/GS21 models to firmware version 01.40.000 or later using GT Designer3(2000) version 1.255R or later
- HOTFIX: Update LE7-40GU-L tension controller screen package data to version 1.01 or later (CC-Link IEF Basic, SLMP, and Modbus/TCP variants) using Data Transfer Tool or GT Designer3(2000)
Long-term hardening
- HARDENING: Isolate all control system devices behind firewalls and segment them from the business network
- HARDENING: Ensure control system devices are not accessible from the Internet
CVEs (1)