Mitsubishi Electric GOT and Tension Controller (Update A)

MonitorCVSS 5.9ICS-CERT ICSA-21-131-02May 11, 2021

Mitsubishi ElectricEnergy

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityHigh

User InteractionNone needed

Summary

A buffer overflow vulnerability in Mitsubishi Electric GOT operator interface panels and LE7-40GU-L Tension Controllers allows a remote attacker on the network to send a specially crafted packet that disrupts the device's communication function. The affected device will stop communicating with controllers and systems and will require a manual reset to restore functionality. The vulnerability requires high attack complexity and no authentication, but affects multiple models of operator interface devices commonly used for production monitoring and control in industrial environments.

What this means

What could happen

An attacker could disrupt communication on Mitsubishi Electric operator interface panels (GOT series) and tension controllers, forcing a manual reset to restore operations. This could halt production monitoring and process control until the device is rebooted.

Who's at risk

Energy sector operators running Mitsubishi Electric GOT operator interface panels (GT23, GT21, GT25, GT27 models, GS21, SoftGOT2000) and LE7-40GU-L Tension Controllers with MODBUS/TCP connectivity should assess exposure. These devices are typically used for real-time process monitoring and control on production equipment and critical infrastructure.

How it could be exploited

An attacker on the network sends a specially crafted packet or sequence of requests to a GOT device running a vulnerable firmware version. The malformed input causes the communication function to fail, stopping the device from communicating with connected controllers and systems until manually reset.

Prerequisites

Network access to the GOT device or Tension Controller
Device running vulnerable firmware version (see affected products)
High attack complexity; attacker must craft specific malformed input

remotely exploitableno authentication requiredaffects production monitoring and control systemsrequires reset to restore operations

Exploitability

Unlikely to be exploited — EPSS score 0.3%

Affected products (7)

7 with fix

ProductAffected VersionsFix Status

GT23 model:≥ 01.19.000 | ≤ 01.38.00001.40.000

LE7-40GU-L Screen package data for MODBUS/TCP: v1.00101.40.000

GS21 model:≥ 01.21.000 | ≤ 01.39.00001.40.000

GT27 model:≥ 01.19.000 | ≤ 01.38.00001.40.000

GT25 model:≥ 01.19.000 | ≤ 01.38.00001.40.000

GT SoftGOT2000:≥ 1.170C | ≤ 1.250L01.40.000

GT21 model:≥ 01.21.000 | ≤ 01.39.00001.40.000

Remediation & Mitigation

0/7

Do now

0/1

WORKAROUNDRestrict network access to GOT devices using firewall rules; block inbound traffic from untrusted networks on the ports used by these devices

Schedule — requires maintenance window

0/5

Patching may require device reboot — plan for process interruption

HOTFIXUpdate GOT2000 GT27, GT25, and GT23 models to firmware version 01.39.000 or later

HOTFIXUpdate GOT2000 GT21 model to firmware version 01.40.000 or later

HOTFIXUpdate GOT SIMPLE GS21 model to firmware version 01.40.000 or later

HOTFIXUpdate GT SoftGOT2000 to version 1.255R or later

HOTFIXUpdate LE7-40GU-L Screen package data for MODBUS/TCP to v1.01 or later

Long-term hardening

0/1

HARDENINGIsolate GOT devices to the local plant network (LAN); do not expose to the Internet or untrusted network segments

CVEs (1)

CVE-2021-20589

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/5c1e456a-1828-4973-824c-1e46ef621476

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.