OTPulse

Mitsubishi Electric GT25-WLAN

Severity: Monitor (6.5)
Source: ICS-CERT ICSA-22-102-04, Apr 12, 2022
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

The GT25-WLAN contains design flaws in IEEE 802.11 wireless frame fragmentation and aggregation functionality. These flaws allow an attacker within wireless range to intercept communications or inject unauthorized packets into the wireless stream without authentication at the application layer.

What this means
What could happen
An attacker on the same wireless network could intercept sensitive communications from the GT25-WLAN device or inject unauthorized packets, potentially allowing them to alter setpoints, disable alarms, or disrupt communication with connected control systems.
Who's at risk
Energy sector operators using Mitsubishi Electric GT25-WLAN wireless gateway devices in power generation, distribution, or control applications where the device communicates setpoints, status, or telemetry to supervisory control systems or HMIs.
How it could be exploited
An attacker within wireless range of the GT25-WLAN broadcasts specially crafted 802.11 frames exploiting fragmentation or aggregation flaws. The device reassembles these frames incorrectly, allowing the attacker to eavesdrop on unencrypted traffic or inject malicious commands into the communication stream.
Prerequisites
  • Wireless network access (same network as GT25-WLAN)
  • Physical or RF proximity to the device
  • No authentication required to send 802.11 frames at the wireless layer
  • No patch available for affected versions
  • Affects wireless communication security
  • Low complexity attack
  • Physical proximity or RF proximity required reduces immediate risk
Exploitability
Moderate exploit probability (EPSS 1.0%)
Affected products (1)
Product | Affected Versions | Fix Status
GT25-WLAN | ≤ 01.39.000 | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Ensure the wireless network is not accessible from the Internet; use network segregation to isolate the GT25-WLAN and associated HMI/control devices from business networks
WORKAROUND: Disable wireless access if not required and use a wired Ethernet connection instead
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Enable WPA3 encryption and a strong pre-shared key (PSK) if wireless must remain enabled; monitor wireless traffic for suspicious 802.11 frame patterns
HOTFIX: Monitor Mitsubishi Electric for firmware updates to the GT25-WLAN and apply them when available