Mitsubishi Electric GOT2000 series and GT SoftGOT2000

Monitor5.9ICS-CERT ICSA-21-208-02Jul 27, 2021

Attack VectorNetwork

Auth RequiredNone

ComplexityHigh

User InteractionNone needed

Summary

A denial-of-service vulnerability exists in Mitsubishi Electric GOT2000 series HMI communication driver (versions greater than 01.19.000 and less than 01.39.010) and GT SoftGOT2000 (versions greater than 1.170c and less than 1.256S). The flaw allows a remote attacker to send specially crafted network packets that cause the HMI application to become unresponsive, requiring a restart. The vulnerability has high attack complexity and no known public exploits currently exist.

What this means

What could happen

An attacker can cause the GOT2000 HMI or SoftGOT2000 software to become unresponsive, disrupting operator visibility and control of plant operations until the system is restarted.

Who's at risk

Energy utilities and manufacturing plants using Mitsubishi Electric GOT2000 series HMI touchpanels (GT27, GT25, GT23 models) or the GT SoftGOT2000 software-based HMI should assess their use. This affects human-machine interfaces that display process data and allow operators to control plant equipment.

How it could be exploited

An attacker on the network sends specially crafted packets to the GOT2000 communication driver or SoftGOT2000 application. The packets trigger a flaw in how the software processes network input, causing the application to hang or crash and stop responding to legitimate operator commands.

Prerequisites

Network connectivity to the GOT2000 or SoftGOT2000 device/application port
Vulnerable communication driver or SoftGOT2000 version running
High attack complexity - attacker must know specific packet structure to trigger the flaw

remotely exploitablehigh attack complexitylow EPSS score (0.4%)not actively exploited

Exploitability

Low exploit probability (EPSS 0.4%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

GOT2000 models GT27 GT25 GT23: All communication driver> 01.19.000 | < 01.39.0101.26W

GT SoftGOT2000: All> 1.170c | < 1.256S1.26W

Remediation & Mitigation

0/5

Do now

0/1

WORKAROUNDDeploy firewall rules or VPN to restrict network access to GOT2000 and SoftGOT2000 systems from untrusted networks and the Internet

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate GOT2000 models GT27, GT25, GT23 communication driver to version 01.40.000 or later (included in GT Designer3 Version 1.260W or later)

HOTFIXUpdate GT SoftGOT2000 to version 1.26W or later

Long-term hardening

0/2

HARDENINGRestrict GOT2000 and SoftGOT2000 to operate only on your LAN; block all incoming connections from external networks

HARDENINGInstall antivirus software on engineering workstations and computers that access the GOT2000 or SoftGOT2000

CVEs (1)

CVE-2021-20592

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/7e6ea11e-fdd4-4ab6-a208-feb8221a008f