Mitsubishi Electric GX Works2
CVSS 5.3 | ICS-CERT ICSA-21-350-04 | Dec 16, 2021
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: Required
Summary
GX Works2 versions 1.606G and earlier contain a vulnerability that can be triggered by a malicious network message when a user interacts with crafted input. Successful exploitation causes a denial-of-service condition, making the software unresponsive. This affects the engineering workstations used to program and update Mitsubishi Electric PLCs.
What this means
What could happen
An attacker could cause GX Works2 to stop responding or crash, disrupting engineering work and potentially preventing updates to PLC programs during maintenance windows.
Who's at risk
Energy sector organizations using Mitsubishi Electric GX Works2 engineering software on their workstations. This affects anyone responsible for programming or maintaining Mitsubishi Electric PLC systems.
How it could be exploited
An attacker with network access to a workstation running GX Works2 could send a crafted network message to trigger a denial-of-service condition in the application. User interaction is required (opening a file or following a link).
Prerequisites
- Network access to the workstation running GX Works2
- User must interact with a malicious input (click a link or open a file)
- GX Works2 version 1.606G or earlier
Tags: remotely exploitable · requires user interaction · affects engineering tools · medium severity
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product | Affected Versions | Fix Status
GX Works2 | ≤ 1.606G | 1.610L or later
Remediation & Mitigation
Do now
- [HARDENING] Restrict network access to engineering workstations running GX Works2 to trusted networks and hosts only
- [HARDENING] Require VPN for any remote access to engineering workstations or Mitsubishi Electric PLCs
Schedule (requires a maintenance window; patching may require a device reboot, so plan for process interruption)
- [HOTFIX] Update GX Works2 to version 1.610L or later
Long-term hardening
- [HARDENING] Place engineering workstations and control system networks behind firewalls and isolate them from the business network
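As an added example (not part of this advisory and not Mitsubishi Electric's own tooling), the PowerShell check below reads the installed GX Works2 version from the standard Windows uninstall registry keys and compares it against the affected ceiling (1.606G) and the fix version (1.610L) given in the table above. It assumes GX Works2 registers an uninstall entry whose DisplayName contains "GX Works2" and whose DisplayVersion uses the same 1.606G style; confirm both on a known workstation before using it for fleet inventory. Versions above 1.606G but below 1.610L are reported as INDETERMINATE because the advisory does not classify them.

```powershell
# Added example: GX Works2 version inventory check (not from the advisory or vendor).
# Assumption: the product appears under the usual Uninstall keys with a DisplayName
# containing "GX Works2" and a DisplayVersion such as "1.606G".

function ConvertTo-GxVersion {
    # Split a "1.606G" style string into comparable parts.
    param([Parameter(Mandatory)][string]$Version)
    if ($Version -notmatch '^(\d+)\.(\d+)([A-Za-z])$') {
        throw "Unrecognised GX Works2 version format: $Version"
    }
    [pscustomobject]@{
        Major  = [int]$Matches[1]
        Minor  = [int]$Matches[2]
        Letter = $Matches[3].ToUpper()
    }
}

function Compare-GxVersion {
    # Returns -1, 0 or 1 like a classic comparator: major, then minor, then letter.
    param([string]$A, [string]$B)
    $x = ConvertTo-GxVersion $A
    $y = ConvertTo-GxVersion $B
    foreach ($field in 'Major', 'Minor', 'Letter') {
        if ($x.$field -lt $y.$field) { return -1 }
        if ($x.$field -gt $y.$field) { return 1 }
    }
    return 0
}

function Get-GxWorks2Status {
    # Thresholds come from the advisory's affected-products table.
    param(
        [Parameter(Mandatory)][string]$Installed,
        [string]$AffectedMax = '1.606G',
        [string]$FixedMin    = '1.610L'
    )
    if ((Compare-GxVersion $Installed $AffectedMax) -le 0) { return 'AFFECTED' }
    if ((Compare-GxVersion $Installed $FixedMin) -ge 0)    { return 'FIXED' }
    return 'INDETERMINATE'
}

# Both 32-bit and 64-bit uninstall hives; GX Works2 is a 32-bit application,
# so it is most likely under WOW6432Node on a 64-bit host.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$entries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*GX Works2*' }

if (-not $entries) {
    Write-Output 'GX Works2 not found in the uninstall registry on this host.'
}

foreach ($e in $entries) {
    try {
        $status = Get-GxWorks2Status -Installed $e.DisplayVersion
    } catch {
        $status = "UNKNOWN ($($_.Exception.Message))"
    }
    Write-Output ('{0} {1}: {2}' -f $e.DisplayName, $e.DisplayVersion, $status)
}
```

Run it with an elevated prompt on each engineering workstation, or wrap the registry query in Invoke-Command for remote collection; a result of AFFECTED means the host should be scheduled for the 1.610L hotfix in the next maintenance window.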
CVEs (1)
API:
/api/v1/advisories/8d1f873f-f07f-43fc-8af0-2cb36fcb7a3e