Mitsubishi Electric GOT products
Monitor | 7.5 | ICS-CERT ICSA-21-320-02 | Nov 16, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Mitsubishi Electric GOT (Graphical Operation Terminal) products contain an input validation vulnerability (CWE-20) that could allow unauthorized modification of device operations. Affected models include GT25, GT27, GT23, GS21, GT21, and GT SoftGOT2000 across all firmware versions. No patches are available from the vendor.
What this means
What could happen
An attacker with network access could send malicious input to alter the behavior or state of the GOT terminal, potentially disrupting operator visibility and control of industrial processes, though the vulnerability does not directly execute arbitrary code on the device.
Who's at risk
Operators at energy utilities and water authorities using Mitsubishi Electric GOT human-machine interface (HMI) terminals for process monitoring and control. This affects both the physical GT-series panels and the SoftGOT2000 software-based HMI running on engineering workstations or control servers.
How it could be exploited
An attacker on the network sends crafted input or commands to the GOT device (port 502 or management interface) without authentication. The device fails to properly validate the input, allowing the attacker to modify device settings or operations. This could change process parameters, disable alarms, or alter the display shown to operators.
Prerequisites
- Network access to the GOT device management interface or protocol port
- No authentication required
- GOT device reachable from an untrusted network segment or the internet
Tags: remotely exploitable · no authentication required · low complexity · no patch available · affects human-machine interface in safety-critical operations
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (6)
6 EOL
Product            Affected Versions   Fix Status
GT25 model         All versions        No fix (EOL)
GT27 model         All versions        No fix (EOL)
GT23 model         All versions        No fix (EOL)
GS21 model         All versions        No fix (EOL)
GT21 model         All versions        No fix (EOL)
GT SoftGOT2000     All versions        No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Install a firewall between GOT devices and untrusted networks; block inbound access to GOT management ports from the internet and other business networks
WORKAROUND: Configure IP filter rules on the GOT device (if available) to restrict management access to known engineering workstations and admin PCs only
WORKAROUND: If remote access to GOT is required, use a VPN with current security patches; do not expose management interfaces directly to the internet
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
HARDENING: Install antivirus software on all engineering workstations and servers that manage or access GOT devices
Mitigations - no patch available
The following products have reached End of Life with no planned fix: GT25, GT27, GT23, GS21 and GT21 models (all versions) and GT SoftGOT2000 (all versions). Apply the following compensating controls:
HARDENING: Isolate GOT devices to a dedicated control network LAN; do not allow direct connectivity from business networks or internet-connected systems
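As an added illustration (not from the advisory or the vendor), the audit below runs over constructed firewall log lines and flags allowed sessions to GOT port 502 whose source is outside the control LAN or not on the engineering-workstation allowlist, i.e. exactly the traffic the firewall, IP-filter and isolation controls above are meant to stop. The subnet, device addresses and log format are assumptions.

```python
import ipaddress
from collections import namedtuple

# Constructed sample values (assumed, not from the advisory): the control LAN,
# the GOT panels on it, and the engineering workstations allowed to reach them.
CONTROL_LAN = ipaddress.ip_network("10.10.50.0/24")
GOT_DEVICES = {"10.10.50.21", "10.10.50.22"}
ENGINEERING_WORKSTATIONS = {"10.10.50.5"}
GOT_PORTS = {502}  # the protocol port named in the advisory

# Constructed firewall log lines: "<ts> <src>:<sport> -> <dst>:<dport> <proto> <action>"
SAMPLE_LOG = """\
2021-11-17T08:00:01 10.10.50.5:51022 -> 10.10.50.21:502 tcp allow
2021-11-17T08:00:07 192.168.1.40:49213 -> 10.10.50.21:502 tcp allow
2021-11-17T08:00:09 10.10.50.77:41000 -> 10.10.50.22:502 tcp allow
2021-11-17T08:00:12 203.0.113.9:55555 -> 10.10.50.21:502 tcp allow
2021-11-17T08:00:15 10.10.50.5:51030 -> 10.10.50.22:80 tcp allow
"""

Finding = namedtuple("Finding", "timestamp src dst dport reason")

def parse_line(line):
    ts, src, _arrow, dst, _proto, action = line.split()
    src_ip = src.rsplit(":", 1)[0]
    dst_ip, dst_port = dst.rsplit(":", 1)
    return ts, src_ip, dst_ip, int(dst_port), action

def classify(src_ip, dst_ip, dport):
    """Return why a session to a GOT is unwanted, or None if it is expected."""
    if dst_ip not in GOT_DEVICES or dport not in GOT_PORTS:
        return None
    if ipaddress.ip_address(src_ip) not in CONTROL_LAN:
        return "source outside control LAN"  # business network or internet
    if src_ip not in ENGINEERING_WORKSTATIONS:
        return "control-LAN host not on engineering allowlist"
    return None

def audit(log_text):
    """Flag allowed sessions that the advisory's workarounds say should be blocked."""
    findings = []
    for line in log_text.splitlines():
        ts, src_ip, dst_ip, dport, action = parse_line(line)
        if action != "allow":
            continue  # already blocked; only permitted sessions expose a gap
        reason = classify(src_ip, dst_ip, dport)
        if reason:
            findings.append(Finding(ts, src_ip, dst_ip, dport, reason))
    return findings
```

`audit(SAMPLE_LOG)` returns three findings for the sample: two sources outside the control LAN and one control-LAN host that is not an engineering workstation; the port 80 session and the allowlisted workstation are not reported.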
CVEs (1)