Mitsubishi Electric GOT and Tension Controller (Update A)

MonitorCVSS 7.5ICS-CERT ICSA-21-278-01Oct 5, 2021

Mitsubishi ElectricEnergy

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Specially crafted network packets sent to Mitsubishi Electric GOT (Graphic Operation Terminal) operator panels and tension controller devices can cause a denial-of-service condition due to improper input validation (CWE-20) and missing error handling (CWE-755). Affected devices include GT2104-RTBD, GT2107-WTBD, GT2104-PMBD, GS2110-WTBD-N, GS2110-WTBD, LE7-40GU-L, GT2103-PMBD, GS2107-WTBD, GS2107-WTBD-N, and GT2107-WTSD. No vendor patch is available; Mitsubishi Electric has stated in Update A that further research shows these vulnerabilities may not impact the listed devices, and the vendor is removing its vulnerability notice.

What this means

What could happen

An attacker with network access could send specially crafted packets to cause a denial-of-service condition, temporarily halting communication with the affected operator interface or tension controller until the device is restarted.

Who's at risk

This affects operators of Mitsubishi Electric HMI (human-machine interface) operator panels and tension controllers used in energy generation and distribution facilities. Equipment types include GT series graphic terminals and GS series/LE series tension controllers used for process control and monitoring in power plants and electrical substations.

How it could be exploited

An attacker sends specially crafted network packets to the device's listening port. The device processes the malformed packets without proper validation, crashes, and becomes unresponsive to legitimate control commands until manually restarted.

Prerequisites

Network access to the affected device on its communications port
No authentication required

remotely exploitableno authentication requiredlow complexityno patch available

Affected products (10)

10 EOL

ProductAffected VersionsFix Status

GT2104-RTBD: All versionsAll versionsNo fix (EOL)

GT2107-WTBD: All versionsAll versionsNo fix (EOL)

GT2104-PMBD: All versionsAll versionsNo fix (EOL)

GS2110-WTBD-N: All versionsAll versionsNo fix (EOL)

GS2110-WTBD: All versionsAll versionsNo fix (EOL)

LE7-40GU-L: All versionsAll versionsNo fix (EOL)

GT2103-PMBD: All versionsAll versionsNo fix (EOL)

GS2107-WTBD: All versionsAll versionsNo fix (EOL)

Remediation & Mitigation

0/3

Do now

0/1

WORKAROUNDEstablish a manual restart procedure and operator training to quickly recover devices when they become unresponsive

Mitigations - no patch available

0/2

The following products have reached End of Life with no planned fix: GT2104-RTBD: All versions, GT2107-WTBD: All versions, GT2104-PMBD: All versions, GS2110-WTBD-N: All versions, GS2110-WTBD: All versions, LE7-40GU-L: All versions, GT2103-PMBD: All versions, GS2107-WTBD: All versions, GT2107-WTSD: All versions, GS2107-WTBD-N: All versions. Apply the following compensating controls:

HARDENINGImplement network segmentation to restrict access to the affected GOT and tension controller devices from untrusted networks

HARDENINGMonitor network traffic to the affected devices for anomalous or malformed packets that could trigger denial-of-service conditions

CVEs (4)

CVE-2021-20602 CVE-2021-20603 CVE-2021-20604 CVE-2021-20605

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/2a18cb61-d653-4092-a130-48dcf5df3ee2

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.