Mitsubishi Electric MELSOFT GT OPC UA
Plan Patch · 7.5 · ICS-CERT ICSA-22-130-06 · May 10, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
MELSOFT GT OPC UA Client (versions 1.00A through 1.02C) and GT SoftGOT2000 (versions 1.215Z through 1.270G) contain buffer overflow (CWE-125) and integer overflow (CWE-190) vulnerabilities in message handling. A remote attacker can send specially crafted OPC UA protocol messages to cause denial of service (application crash) or information disclosure (memory leak). No authentication is required.
What this means
What could happen
An attacker on the network could send crafted messages to cause the software to crash (denial of service) or leak sensitive information like configuration data or process parameters, disrupting monitoring and control of power systems.
Who's at risk
Energy sector organizations using Mitsubishi Electric MELSOFT GT OPC UA Client or GT SoftGOT2000 for SCADA supervision and control operations. This affects power generation, transmission, and distribution utilities that rely on Mitsubishi HMI/SCADA software for real-time monitoring and setpoint management.
How it could be exploited
An attacker with network access to a system running MELSOFT GT OPC UA Client or GT SoftGOT2000 can craft and send specially formatted OPC UA protocol messages that trigger a buffer overflow (CWE-125) or integer overflow (CWE-190) condition, crashing the application or causing memory disclosure.
Prerequisites
- Network access to the OPC UA port on the affected host (typically port 4840 or configured alternate port)
- No credentials required; the OPC UA server must be reachable and running the vulnerable software
- Software must be a version in the vulnerable range (MELSOFT GT OPC UA Client 1.00A–1.02C or GT SoftGOT2000 1.215Z–1.270G)
remotely exploitable · no authentication required · low complexity · affects energy sector · denial-of-service impact on control operations
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (2)
2 with fix
- Product: GT SoftGOT2000; Affected Versions: ≥ 1.215Z and ≤ 1.270G; Fix Status: 1.03D
- Product: MELSOFT GT OPC UA Client; Affected Versions: ≥ 1.00A and ≤ 1.02C; Fix Status: 1.03D
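To check an asset inventory against the affected ranges above, the following added example (not part of the advisory or any vendor tooling) parses version strings of the form shown on this page and classifies each host. It assumes the numeric part of the version alone determines release order; the host names, the inventory and the status labels are constructed for illustration.

```python
import re

# Inclusive affected ranges as listed in this advisory.
AFFECTED = {
    "MELSOFT GT OPC UA Client": ("1.00A", "1.02C"),
    "GT SoftGOT2000": ("1.215Z", "1.270G"),
}

# Version strings on this page look like "1.215Z": major.minor plus one letter.
_VERSION = re.compile(r"(\d+)\.(\d+)([A-Z])", re.IGNORECASE)


def version_key(text):
    """Return (major, minor) for ordering, or None if the string is malformed.

    Assumption: the numeric part alone orders releases; the letter is ignored.
    """
    match = _VERSION.fullmatch(text.strip())
    return (int(match.group(1)), int(match.group(2))) if match else None


def triage(product, version, untrusted_can_reach_opcua):
    """Classify one inventory entry against the advisory's affected ranges."""
    if product not in AFFECTED:
        return "not-listed"
    key = version_key(version)
    if key is None:
        # Never treat an unreadable version as safe; send it to a human.
        return "manual-review"
    low, high = (version_key(v) for v in AFFECTED[product])
    if not (low <= key <= high):
        return "outside-affected-range"
    return "affected-exposed" if untrusted_can_reach_opcua else "affected-restricted"


# Constructed inventory: (host, product, installed version, whether the OPC UA
# port is reachable from untrusted networks). All entries are made up.
INVENTORY = [
    ("hmi-01", "GT SoftGOT2000", "1.270G", True),
    ("hmi-02", "GT SoftGOT2000", "1.275M", True),
    ("eng-07", "MELSOFT GT OPC UA Client", "1.02C", False),
    ("eng-09", "MELSOFT GT OPC UA Client", "1.03D", False),
    ("hmi-11", "GT SoftGOT2000", "v1.2x", True),
]


def report(inventory=INVENTORY):
    """Map each host to its triage status."""
    return {host: triage(p, v, exposed) for host, p, v, exposed in inventory}
```

Hosts reported as `affected-exposed` are the ones where the "Do now" network restrictions matter most; `manual-review` entries need their installed version confirmed by hand.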
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to OPC UA ports from untrusted networks; allow only traffic from known engineering workstations and control systems within the LAN
- WORKAROUND: If internet connectivity is required, route all traffic through a VPN to prevent direct exposure of OPC UA services
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update MELSOFT GT OPC UA Client to version 1.03D or later
- HOTFIX: Update GT SoftGOT2000 to version 1.275M or later
- HOTFIX: Update the OPC UA server software to the latest available version
Long-term hardening
- HARDENING: Implement network segmentation to isolate control system networks from the business network and the Internet
- HARDENING: Restrict physical access to computers and network equipment running these products
CVEs (2)